Server-Side Request Forgery Vulnerability in WordPress Photo Gallery Plugin
CVE-2024-12237

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Photo Gallery Slideshow & Masonry Tiled Gallery
Vendor: CVE Published:; 3 January 2025

What is CVE-2024-12237?

The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF), allowing authenticated users with Subscriber-level access and above to send unauthorized web requests through the rjg_get_youtube_info_justified_gallery_callback function. This vulnerability can be exploited to access information from internal services, posing potential risks to the overall security of web applications utilizing this plugin.

Affected Version(s)

Photo Gallery Slideshow & Masonry Tiled Gallery 0 <= 1.0.15

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-responsive-...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 3, 2025

CVE-2024-12237 Data

JSON