CVE-2024-5481

Name of the Vulnerable Software and Affected Versions The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.23

Description The issue allows authenticated attackers to perform Path Traversal via the esc dir function, enabling them to copy the contents of arbitrary files on the server, which may contain sensitive information, and delete arbitrary directories, including the root WordPress directory. By default, this can be exploited by administrators only. However, in the premium version of the plugin, administrators can grant gallery edit permissions to lower-level users, potentially making this exploitable by users as low as contributors.

Recommendations For versions up to, and including, 1.8.23, update to a version higher than 1.8.23 to resolve the issue. As a temporary workaround, consider restricting gallery edit permissions to prevent lower-level users from exploiting the vulnerability. Additionally, restrict access to sensitive files and directories on the server to minimize the risk of exploitation.