Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability in AI Responsive Gallery Album
CVE-2024-52467

7.1HIGH

Key Information:

Vendor: WordPress
Status: Ai Responsive Gallery Album
Vendor: CVE Published:; 2 December 2024

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the AI Responsive Gallery Album developed by August Infotech, which could permit an attacker to inject malicious scripts through improper input handling during webpage generation. This flaw affects versions from n/a up to 1.4, potentially compromising user data and allowing attackers to execute scripts in the context of users' browsers. Organizations utilizing this plugin should prioritize updates and implement security best practices to mitigate risks associated with this vulnerability.

Affected Version(s)

AI Responsive Gallery Album <= 1.4

References

https://patchstack.com/database/wordpress/plugin/ai-respo...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Nov 11, 2024

Credit

Le Ngoc Anh (Patchstack Alliance)