2024-11-25
This blog post details a Cross-Site Request Forgery (CSRF) vulnerability in the ImagePress – Image Gallery plugin for WordPress.
Vulnerability Breakdown:
Platform: WordPress
Version: ImagePress – Image Gallery plugin versions up to 1.2.2 (inclusive)
Vulnerability: Cross-Site Request Forgery (CSRF)
Severity: Medium (CVSS v3 score not provided)
Date: October 12, 2024 (published)
The vulnerability arises due to missing or incorrect nonce validation in the plugin’s “imagepress_admin_page” function. This allows attackers to trick administrators into updating plugin settings (including redirection URLs) through forged requests.
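The missing check described above, shown in a settings handler that includes it. This is an added example written against the WordPress API, not ImagePress code; every name in it (example_admin_page, example_save_settings, example_nonce, example_redirect_url) is hypothetical.

```php
<?php
/**
 * Plugin Name: Example Settings Page (added illustration, not ImagePress code)
 */

// All names below are hypothetical; only the WordPress functions are real.
add_action( 'admin_menu', function () {
    add_options_page( 'Example', 'Example', 'manage_options', 'example-settings', 'example_admin_page' );
} );

function example_admin_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }

    // Vulnerable pattern: saving on any POST without a nonce check lets a
    // forged cross-site request change settings using the admin's session.
    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        // Hardened: aborts the request unless the POST carries a valid nonce
        // tied to this action and to the logged-in user.
        check_admin_referer( 'example_save_settings', 'example_nonce' );

        $url = isset( $_POST['example_redirect_url'] )
            ? esc_url_raw( wp_unslash( $_POST['example_redirect_url'] ) )
            : '';
        // Defence in depth: fall back to the home URL when the host is not
        // on the site's allowed redirect host list.
        $url = wp_validate_redirect( $url, home_url( '/' ) );
        update_option( 'example_redirect_url', $url );
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }

    $current = get_option( 'example_redirect_url', '' );
    ?>
    <div class="wrap">
        <h1>Example settings</h1>
        <form method="post">
            <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
            <input type="url" name="example_redirect_url" value="<?php echo esc_attr( $current ); ?>" class="regular-text" />
            <?php submit_button(); ?>
        </form>
    </div>
    <?php
}
```

The nonce emitted by wp_nonce_field() and the one verified by check_admin_referer() must use the same action and field name, otherwise every save is rejected.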
What Undercode Says:
Because a forged request can change the plugin's settings, including redirection URLs, attackers can potentially use this vulnerability to redirect website visitors to malicious websites. It's crucial to update the ImagePress – Image Gallery plugin to version 1.3.0 or later to address this security risk.
Remember:
Update your ImagePress – Image Gallery plugin to version 1.3.0 or later.
Be cautious when clicking on links, especially from untrusted sources.
Disclaimer: This information is for educational purposes only. Please consult a security professional for further guidance.
References:
Reported By: Nvd.nist.gov