ImagePress – Image Gallery Plugin Vulnerable to CSRF (DC-2024-9778)

2024-11-25

This blog post details a Cross-Site Request Forgery (CSRF) vulnerability in the ImagePress – Image Gallery plugin for WordPress.

Vulnerability Breakdown:

Platform: WordPress
Version: ImagePress – Image Gallery plugin versions up to 1.2.2 (inclusive)
Vulnerability: Cross-Site Request Forgery (CSRF)
Severity: Medium (CVSS v3 score not provided)
Date: October 12, 2024 (published)

The vulnerability arises due to missing or incorrect nonce validation in the plugin’s “imagepress_admin_page” function. This allows attackers to trick administrators into updating plugin settings (including redirection URLs) through forged requests.
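The missing check and its fix, shown as an added example (this is not ImagePress source code, and it is not taken from the 1.3.0 patch). The function names, the option name `example_redirect_url`, the nonce action and the same-site redirect policy are assumptions made for illustration; the WordPress API calls are real and the code runs inside a WordPress admin page callback.

```php
<?php
// Added illustration only. Every example_* name is hypothetical.

// Vulnerable pattern: the handler trusts any POST that arrives with the
// administrator's session cookies, so a request forged from another site
// is indistinguishable from a real settings save.
function example_admin_page_unsafe() {
    if ( isset( $_POST['example_redirect_url'] ) ) {
        update_option( 'example_redirect_url', wp_unslash( $_POST['example_redirect_url'] ) );
    }
}

// Hardened pattern: capability check, nonce check, then URL validation.
function example_admin_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }

    if ( 'POST' === $_SERVER['REQUEST_METHOD'] && isset( $_POST['example_redirect_url'] ) ) {
        // Ends the request with a 403 unless a valid nonce for this action is present.
        check_admin_referer( 'example_save_settings', 'example_nonce' );

        $url = esc_url_raw( wp_unslash( $_POST['example_redirect_url'] ), array( 'http', 'https' ) );
        // Assumed policy: redirects stay on this site; other hosts fall back to the home URL.
        $url = wp_validate_redirect( $url, home_url( '/' ) );
        update_option( 'example_redirect_url', $url );
    }

    $current = get_option( 'example_redirect_url', '' );
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input type="url" name="example_redirect_url" value="<?php echo esc_attr( $current ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

The nonce is bound to the logged-in user and the action name, so a page on another origin cannot supply a valid value for the administrator's session.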

What Undercode Says:

Attackers can exploit this vulnerability to potentially redirect website visitors to malicious websites. Update the ImagePress – Image Gallery plugin to version 1.3.0 or later to address this security risk.

Remember:

Update your ImagePress – Image Gallery plugin to version 1.3.0 or later.
Be cautious when clicking on links, especially from untrusted sources.

Disclaimer: This information is for educational purposes only. Please consult a security professional for further guidance.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
