
Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-5343 CVSS:8.8

The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious website, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, web cache poisoning, and other malicious activities.

CVE-2023-46146 CVSS:8.3

The Themify Ultra theme for WordPress could allow a remote authenticated attacker to bypass security restrictions, caused by missing authorization. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.

CVE-2024-37881 CVSS:5.3

The SiteGuard WP Plugin for WordPress could allow a remote attacker to obtain sensitive information, caused by the insertion of sensitive information into sent data. By sending a specially crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.

Impact

  • Gain Access
  • Security Bypass
  • Information Disclosure

Indicators of Compromise

CVE

  • CVE-2024-5343
  • CVE-2023-46146
  • CVE-2024-37881

Affected Vendors

WordPress

Affected Products

  • Themify Ultra theme for WordPress 7.3.5
  • SiteGuard WP Plugin for WordPress 1.7.6

Remediation

Upgrade to the latest version of the affected plugin for WordPress, available from the WordPress Plugin Directory.
