CVE-2021-24349 — MEDIUM (6.1)

Q: How severe is CVE-2021-24349?

CVE-2021-24349 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-24349?

Check the references section above for vendor advisories and patch information. Affected products include: Gallery From Files Project Gallery From Files.

Vulnerability Description

This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lack of CSRF check, the attack could also be performed via such vector.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Gallery From Files Project	Gallery From Files	<= 1.6.0

Related Weaknesses (CWE)

CWE-79 CWE-352

References

https://wpscan.com/vulnerability/6bb4eb71-d702-4732-b01f-b723077d66caExploitThird Party Advisory
https://wpscan.com/vulnerability/6bb4eb71-d702-4732-b01f-b723077d66caExploitThird Party Advisory

FAQ

What is CVE-2021-24349?

CVE-2021-24349 is a vulnerability with a CVSS score of 6.1 (MEDIUM). This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when ...

How severe is CVE-2021-24349?

CVE-2021-24349 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24349?

Check the references section above for vendor advisories and patch information. Affected products include: Gallery From Files Project Gallery From Files.