CVE-2024-24887

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 84.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Contest-gallery Contest Gallery

Timeline

PublishedFeb 12

Description

Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

▶NVDcontest-gallery/contest_gallery< 21.2.9

🔴Vulnerability Details

GHSA

GHSA-6g9h-hqh5-4f36: Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voti↗2024-02-12

▶

CVEList

WordPress Contest Gallery Plugin <= 21.2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)↗2024-02-12

▶