SQL Injection Vulnerability in WP Easy Gallery Plugin Allows Attackers to Extract Sensitive Information from Database
CVE-2024-8436

9.9CRITICAL

Key Information:

Vendor: Wordpress
Status: WP Easy Gallery – WordPress Gallery Plugin
Vendor: CVE Published:; 25 September 2024

Summary

The WP Easy Gallery plugin for WordPress has a vulnerability that allows authenticated users to exploit SQL Injection via the 'edit_imageId' and 'edit_imageDelete' parameters. This vulnerability arises due to inadequate escaping of user-supplied input and improperly constructed SQL queries. As a result, attackers with at least subscriber-level access can inject additional SQL queries, enabling them to access and extract sensitive information from the database, potentially compromising the integrity and confidentiality of stored data.

Affected Version(s)

WP Easy Gallery – WordPress Gallery Plugin * <= 4.8.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-easy-galler...

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 25, 2024
Vulnerability Reserved
Sep 4, 2024

Credit

Lucio Sá