PT-2021-15990 · WordPress · Meow Gallery

Apple502J · Published 2021-10-04 · Updated 2021-10-08 · CVE-2021-24465

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Meow Gallery WordPress plugin, versions prior to 4.1.9

Description: The Meow Gallery WordPress plugin does not sanitise, validate, or escape the ids attribute of its gallery shortcode, which users with the Contributor role or higher are able to use. The result is an authenticated SQL injection that lets such a user manipulate the values the query returns, which can lead to data disclosure and to the deserialization of arbitrary objects.

Recommendations: For versions prior to 4.1.9, update to version 4.1.9 or later. As a temporary workaround, restrict access to the gallery shortcode for users with the Contributor role or higher until the update is applied.
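To illustrate the class of fix the advisory describes, here is an added example (not Meow Gallery's own code, and all function and shortcode names are hypothetical) of a WordPress shortcode handler that whitelists the ids attribute as integers and binds them through $wpdb->prepare() instead of interpolating the raw attribute into SQL:

```php
<?php
// Added example, not the plugin's code. Function/shortcode names are hypothetical.
// Shortcode attributes are attacker-controlled input whenever any role that can
// edit content (Contributor and up) may place shortcodes in posts.

function example_gallery_shortcode( $atts ) {
    global $wpdb;

    $atts = shortcode_atts( array( 'ids' => '' ), $atts, 'example_gallery' );

    // UNSAFE pattern this example replaces: concatenating the raw attribute,
    //   "... WHERE ID IN (" . $atts['ids'] . ")"
    // which is the shape of defect the advisory describes.

    // Whitelist: keep only positive integers from a comma-separated list.
    // absint() coerces each piece to a non-negative int; array_filter drops 0s.
    $ids = array_filter( array_map( 'absint', explode( ',', (string) $atts['ids'] ) ) );
    if ( empty( $ids ) ) {
        return '';
    }

    // One %d placeholder per id so every value is bound, never interpolated.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "SELECT ID FROM {$wpdb->posts}
          WHERE post_type = 'attachment' AND ID IN ($placeholders)",
        array_values( $ids )
    );
    $rows = $wpdb->get_results( $sql );

    // Only the ID column is selected, and nothing returned is passed to
    // unserialize(), so manipulated result rows cannot feed object deserialization.
    $out = '';
    foreach ( $rows as $row ) {
        $url = wp_get_attachment_url( (int) $row->ID );
        if ( $url ) {
            $out .= sprintf( '<img src="%s" alt="">', esc_url( $url ) );
        }
    }
    return $out;
}
add_shortcode( 'example_gallery', 'example_gallery_shortcode' );
```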

References: Exploit · Fix

Tag: SQL injection


Weakness Enumeration

Related Identifiers: CVE-2021-24465

Affected Products: Meow Gallery