cleantalk
Vulnerabilities and Security Researches

WP Easy Gallery – WordPress Gallery Plugin, CVE-2024-8437

CVE, Research URL

CVE-2024-8437

Home page URL

Security reports for WP Easy Gallery – WordPress Gallery Plugin

Application

WP Easy Gallery – WordPress Gallery Plugin

Published on
Sep 25, 2024
Research Description
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify galleries.
Affected versions
Min -, max 4.8.5.
Status
vulnerable
Previous vulnerability researches
WP Easy Gallery – WordPress Gallery Plugin (CVE-2024-9018) , Oct 01, 2024
WP Easy Gallery – WordPress Gallery Plugin (ab07689cea09dc1b31a6168441b576a38459ecee) , Jun 07, 2024
WP Easy Gallery – WordPress Gallery Plugin (CVE-2013-6837) , Jun 07, 2024
WP Easy Gallery – WordPress Gallery Plugin (CVE-2024-8436) , Sep 25, 2024
WP Easy Gallery – WordPress Gallery Plugin (CVE-2024-8437) , Sep 25, 2024
New vulnerability
Able Player, accessible HTML5 media player (CVE-2025-3752) , May 02, 2025
WP Statistics (CVE-2025-3953) , May 01, 2025
Calculated Fields Form (CVE-2024-12273) , May 01, 2025
Admin and Site Enhancements (ASE) (CVE-2024-13688) , Apr 30, 2025
WordPress Simple Shopping Cart (CVE-2025-3529) , Apr 30, 2025