Analysis Summary

CVE-2024-5343 CVSS:8.8

Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2023-46146 CVSS:8.3

Themify Ultra theme for WordPress could allow a remote authenticated attacker to bypass security restrictions, caused by missing authorization vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.

CVE-2024-37881 CVSS:5.3

SiteGuard WP Plugin for WordPress could allow a remote attacker to obtain sensitive information, caused by insertion of sensitive information into sent data. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.

Impact

• Gain Access
• Security Bypass
• Information Disclosure

Indicators of Compromise

CVE

• CVE-2024-5343
• CVE-2023-46146
• CVE-2024-37881

Affected Vendors

Remediation

Upgrade to the latest version of Plugin for WordPress, available from the WordPress Plugin Directory.

CVE-2024-5343

CVE-2023-46146

CVE-2024-37881