CVE-2021-24363

Name of the Vulnerable Software and Affected Versions The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin versions prior to 1.5.75

Description The issue allows high privilege users to upload files outside of the intended uploads folder due to a path traversal vector, potentially leading to unauthorized file system access.

Recommendations For versions prior to 1.5.75, update to version 1.5.75 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to low-privilege users until the update is applied.