Stored Cross-Site Scripting Vulnerability Affects ImagePress Image Gallery Plugin
CVE-2024-9776

4.8MEDIUM

Key Information:

Vendor: Wordpress
Status: Imagepress – Image Gallery
Vendor: CVE Published:; 12 October 2024

Summary

The ImagePress – Image Gallery plugin for WordPress has a vulnerability allowing for Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This vulnerability affects all versions of the plugin up to and including 1.2.2. Authenticated attackers with administrator-level permissions can exploit this issue to inject arbitrary web scripts into WordPress pages, executing them whenever a user accesses an affected page. Only multi-site installations and setups with unfiltered_html disabled are impacted, potentially exposing sensitive user data and undermining website integrity.

Affected Version(s)

ImagePress – Image Gallery * <= 1.2.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/image-gallery/...

https://plugins.trac.wordpress.org/changeset/3167164/

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 12, 2024
Vulnerability Reserved
Oct 9, 2024

Credit

家桥王