Vulnerabilities and security researches fornew-album-gallery new-album-gallery

Jun 07, 2024

CVE, Research URL: CVE-2023-23646
Home page URL: Security reports for Album Gallery – WordPress Gallery
Application: Album Gallery – WordPress Gallery
Date: Jul 17, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.
Affected versions: max 1.5.0.
Status: vulnerable

Jun 11, 2024

CVE, Research URL: CVE-2024-35720
Home page URL: Security reports for Album Gallery – WordPress Gallery
Application: Album Gallery – WordPress Gallery
Date: Jun 10, 2024
Research Description: Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7.
Affected versions: max 1.5.8.
Status: vulnerable

Mar 02, 2025

CVE, Research URL: CVE-2024-13833
Home page URL: Security reports for Album Gallery – WordPress Gallery
Application: Album Gallery – WordPress Gallery
Date: Mar 01, 2025
Research Description: The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
Affected versions: max 1.6.4.
Status: vulnerable