Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability in AI Responsive Gallery Album
CVE-2024-52467

7.1HIGH

Key Information:

Vendor

WordPress
Status
Ai Responsive Gallery Album
Vendor
CVE Published:
2 December 2024

What is CVE-2024-52467?

A Cross-Site Scripting (XSS) vulnerability exists in the AI Responsive Gallery Album developed by August Infotech, which could permit an attacker to inject malicious scripts through improper input handling during webpage generation. This flaw affects versions from n/a up to 1.4, potentially compromising user data and allowing attackers to execute scripts in the context of users' browsers. Organizations utilizing this plugin should prioritize updates and implement security best practices to mitigate risks associated with this vulnerability.

Affected Version(s)

AI Responsive Gallery Album <= 1.4

References

https://patchstack.com/database/wordpress/plugin/ai-respo...
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Le Ngoc Anh (Patchstack Alliance)
.
The Cyber Security Vulnerability Database.