CVE-2024-11501

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 7, 2024
CWE ID 502

Summary

CVE-2024-11501 is a vulnerability affecting the Gallery plugin for WordPress. This issue allows authenticated attackers with Contributor-level access or higher to inject PHP Objects by deserializing untrusted input from the wd_gallery_$id parameter. No Pop chain has been identified in the vulnerable software, but if one exists via an additional plugin or theme, the attacker could delete arbitrary files, retrieve sensitive data, or execute code. WordPress users are advised to update the Gallery plugin to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share