{ "id": "CVE-2024-12114", "sourceIdentifier": "security@wordfence.com", "published": "2025-03-08T06:15:35.103", "lastModified": "2025-03-12T16:24:29.630", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.29 via the foogallery_attachment_modal_save AJAX action due to missing validation on a user controlled key (img_id). This makes it possible for authenticated attackers, with granted access and above, to update arbitrary post and page content. This requires the Gallery Creator Role setting to be a value lower than 'Editor' for there to be any real impact." }, { "lang": "es", "value": "El complemento FooGallery \u2013 Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel para WordPress es vulnerable a la referencia directa a objetos inseguros en todas las versiones hasta la 2.4.29 incluida a trav\u00e9s de la acci\u00f3n AJAX foogallery_attachment_modal_save debido a la falta de validaci\u00f3n en una clave controlada por el usuario (img_id). Esto hace posible que atacantes autenticados, con acceso otorgado o superior, actualicen contenido arbitrario de publicaciones y p\u00e1ginas. Esto requiere que la configuraci\u00f3n del rol de creador de la galer\u00eda sea un valor inferior a \"Editor\" para que haya un impacto real." } ], "metrics": { "cvssMetricV31": [ { "source": "security@wordfence.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 } ] }, "weaknesses": [ { "source": "security@wordfence.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-639" } ] }, { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-639" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:fooplugins:foogallery:*:*:*:*:-:wordpress:*:*", "versionEndExcluding": "2.4.30", "matchCriteriaId": "49D38907-6623-4FC4-8E0B-22E0107DA71A" } ] } ] } ], "references": [ { "url": "https://github.com/fooplugins/foogallery/blob/master/includes/admin/class-gallery-attachment-modal.php#L242", "source": "security@wordfence.com", "tags": [ "Product" ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3250684/foogallery/tags/2.4.30/includes/admin/class-gallery-attachment-modal.php?old=3229839&old_path=foogallery%2Ftags%2F2.4.29%2Fincludes%2Fadmin%2Fclass-gallery-attachment-modal.php", "source": "security@wordfence.com", "tags": [ "Patch" ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4fe3ad9-247f-4e5d-8c79-0970afaa7729?source=cve", "source": "security@wordfence.com", "tags": [ "Third Party Advisory" ] } ] }