Description
The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible to any visitors to run code on sites running it.
References
https://wpscan.com/vulnerability/8f982ebd-6fc5-452d-8280-42e027d01b1e
ExploitThird Party Advisory
Weaknesses
Could not find any weaknesses
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2023-01-16T16:15:11.000
1 year agoLast modified
2023-11-07T03:56:49.927
8 months ago