WordPress Robo Gallery Plugin <= 3.2.11 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-24414

8.8HIGH

Key Information:

Vendor: WordPress
Status: Photo Gallery, Images, Slider in Rbs Image Gallery
Vendor: CVE Published:; 20 May 2023

What is CVE-2023-24414?

This vulnerability allows attackers to perform unauthorized actions on behalf of authenticated users through malicious requests. Users of the Rbs Image Gallery plugin versions 3.2.11 and earlier should take urgent action to mitigate the risks associated with this CSRF vulnerability. It is recommended to update the plugin to a secure version or implement protective measures to secure web applications against possible exploitation.

Affected Version(s)

Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.11

References

https://patchstack.com/database/vulnerability/robo-galler...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2023
Vulnerability Reserved
Jan 23, 2023

Credit

thiennv (Patchstack Alliance)