CVE-2024-3097

MEDIUM5.3

Public PoC

Description

The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

smub / Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery0 – 3.59

Exploits & PoCs

nucleiNextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosureby DhiyaneshDk

References

MISChttps://www.wordfence.com/threat-intel/vulnerabilities/id/75f87f99-9f0d-46c2-a6f1-3c1ea0176303?source=cve
MISChttps://zpbrent.github.io/pocs/8-plugin-nextgen-gallery-InfoDis-20240327.mp4
MISChttps://plugins.trac.wordpress.org/browser/nextgen-gallery/trunk/src/REST/Admin/Block.php#L40
MISChttps://plugins.trac.wordpress.org/changeset/3063940/nextgen-gallery/trunk/src/REST/Admin/Block.php?old=3003333&old_path=nextgen-gallery%2Ftrunk%2Fsrc%2FREST%2FAdmin%2FBlock.php