PT-2026-25843 · WordPress+1 · Google Cloud Storage For Craft Cms+1
Angrybrad · Published 2026-03-16 · Updated 2026-03-18 · CVE-2026-32266
CVSS v4.0: 2.4 (Low)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions
Google Cloud Storage for Craft CMS plugin versions prior to 2.2.1
Description
The Google Cloud Storage for Craft CMS plugin integrates Google Cloud Storage with Craft CMS. Versions of the plugin on the 2.x branch prior to 2.2.1 allow unauthenticated users possessing a valid CSRF token to view a list of buckets the plugin has access to via the DefaultController->actionLoadBucketData() API endpoint. The DefaultController->actionLoadBucketData() endpoint is vulnerable.
Recommendations
Update the plugin to version 2.2.1.
Exploit
Fix
Information Disclosure
Affected Products
Craft Cms
Google Cloud Storage For Craft Cms