CVE-2024-5343

Name of the Vulnerable Software and Affected Versions Rbs Image Gallery plugin for WordPress versions up to, and including, 3.2.19

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the rbs ajax create article and rbs ajax reset views functions. This allows unauthenticated attackers to create new posts and reset gallery view counts via a forged request if they can trick a Contributor+ level user into performing an action such as clicking on a link.

Recommendations For Rbs Image Gallery plugin for WordPress versions up to, and including, 3.2.19: Update to a version that includes the fix for the nonce validation issue in the rbs ajax create article and rbs ajax reset views functions. As a temporary workaround, consider restricting access to the rbs ajax create article and rbs ajax reset views functions until a patch is available.