CVE-2024-11002

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Nov 26, 2024
CWE ID 94

Summary

CVE-2024-11002 is a vulnerability affecting the InPost Gallery plugin for WordPress. This issue allows authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes by exploiting the inpost_gallery_get_shortcode_template AJAX action. The plugin does not adequately validate user inputs before running do_shortcode, enabling attackers to inject malicious code and potentially gain unintended access or perform unauthorized actions. Versions up to and including 2.1.4.2 are vulnerable to this issue.
