cleantalk
Vulnerabilities and Security Researches

MaxGalleria, CVE-2024-3581

CVE, Research URL

CVE-2024-3581

Home page URL

Security reports for MaxGalleria

Application

MaxGalleria

Published on
May 02, 2024
Research Description
The MaxGalleria plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the add_media_library_images_to_gallery function in all versions up to, and including, 6.4.2. This makes it possible for authenticated attackers, with subscriber access or above, to upload arbitrary images to a gallery.
Affected versions
Min -, max 6.4.3.
Status
vulnerable
Previous vulnerability researches
MaxGalleria (CVE-2024-3581) , Jun 06, 2024
MaxGalleria (CVE-2022-25603) , Jun 06, 2024
MaxGalleria (CVE-2024-5970) , Jun 20, 2024
New vulnerability
Post Rating and Review (CVE-2025-6538) , Jun 27, 2025
WP Masonry & Infinite Scroll (CVE-2025-5488) , Jun 27, 2025
Modern Design Library (CVE-2025-5842) , Jun 27, 2025
FastBook – Responsive Appointment Booking and Scheduling System (CVE-2025-25173) , Jun 27, 2025
Zapier for WordPress (CVE-2025-50010) , Jun 27, 2025