cve-2024-12114
Vulnerability from cvelistv5
Published
2025-03-08 05:30
Modified
2025-03-10 16:11
Severity ?
EPSS score ?
Summary
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T16:11:45.739304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T16:11:56.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry \u0026 Carousel",
"vendor": "bradvin",
"versions": [
{
"lessThanOrEqual": "2.4.29",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Stiofan O\u0027Connor"
}
],
"descriptions": [
{
"lang": "en",
"value": "The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry \u0026 Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX action due to missing validation on a user controlled key (img_id). This makes it possible for authenticated attackers, with granted access and above, to update arbitrary post and page content. This requires the Gallery Creator Role setting to be a value lower than \u0027Editor\u0027 for there to be any real impact."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-08T05:30:09.469Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4fe3ad9-247f-4e5d-8c79-0970afaa7729?source=cve"
},
{
"url": "https://github.com/fooplugins/foogallery/blob/master/includes/admin/class-gallery-attachment-modal.php#L242"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3250684/foogallery/tags/2.4.30/includes/admin/class-gallery-attachment-modal.php?old=3229839\u0026old_path=foogallery%2Ftags%2F2.4.29%2Fincludes%2Fadmin%2Fclass-gallery-attachment-modal.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-07T16:21:23.000+00:00",
"value": "Disclosed"
}
],
"title": "FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry \u0026 Carousel \u003c= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12114",
"datePublished": "2025-03-08T05:30:09.469Z",
"dateReserved": "2024-12-03T20:45:57.298Z",
"dateUpdated": "2025-03-10T16:11:56.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-12114\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2025-03-08T06:15:35.103\",\"lastModified\":\"2025-03-12T16:24:29.630\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry \u0026 Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX action due to missing validation on a user controlled key (img_id). This makes it possible for authenticated attackers, with granted access and above, to update arbitrary post and page content. This requires the Gallery Creator Role setting to be a value lower than \u0027Editor\u0027 for there to be any real impact.\"},{\"lang\":\"es\",\"value\":\"El complemento FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry \u0026amp; Carousel para WordPress es vulnerable a la referencia directa a objetos inseguros en todas las versiones hasta la 2.4.29 incluida a trav\u00e9s de la acci\u00f3n AJAX foogallery_attachment_modal_save debido a la falta de validaci\u00f3n en una clave controlada por el usuario (img_id). Esto hace posible que atacantes autenticados, con acceso otorgado o superior, actualicen contenido arbitrario de publicaciones y p\u00e1ginas. Esto requiere que la configuraci\u00f3n del rol de creador de la galer\u00eda sea un valor inferior a \\\"Editor\\\" para que haya un impacto real.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@wordfence.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fooplugins:foogallery:*:*:*:*:-:wordpress:*:*\",\"versionEndExcluding\":\"2.4.30\",\"matchCriteriaId\":\"49D38907-6623-4FC4-8E0B-22E0107DA71A\"}]}]}],\"references\":[{\"url\":\"https://github.com/fooplugins/foogallery/blob/master/includes/admin/class-gallery-attachment-modal.php#L242\",\"source\":\"security@wordfence.com\",\"tags\":[\"Product\"]},{\"url\":\"https://plugins.trac.wordpress.org/changeset/3250684/foogallery/tags/2.4.30/includes/admin/class-gallery-attachment-modal.php?old=3229839\u0026old_path=foogallery%2Ftags%2F2.4.29%2Fincludes%2Fadmin%2Fclass-gallery-attachment-modal.php\",\"source\":\"security@wordfence.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.wordfence.com/threat-intel/vulnerabilities/id/f4fe3ad9-247f-4e5d-8c79-0970afaa7729?source=cve\",\"source\":\"security@wordfence.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.