PHP Object Injection Vulnerability in WordPress Photo Gallery Plugin by Photo Gallery Vendor
CVE-2024-1896

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery
Vendor: CVE Published:; 2 May 2024

Summary

The Photo Gallery – Responsive Photo Gallery plugin for WordPress is susceptible to a PHP Object Injection flaw through untrusted input deserialization via the 'awl_lg_settings_' shortcode attribute. This vulnerability exists in all versions up to and including 1.4.1, allowing authenticated attackers with contributor privileges or higher to potentially inject PHP objects. While there is no inherent PHP Object Pollution (POP) chain within the plugin itself, if a POP chain exists via other plugins or themes on the affected WordPress installation, it can lead to grave risks including arbitrary file deletions, access to sensitive data, or unauthorized code execution.

Affected Version(s)

Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery * <= 1.4.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/new-photo-gall...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 2, 2024
Vulnerability Reserved
Feb 26, 2024

Credit

Francesco Carlucci