CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49258 – WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Download vulnerability
https://notcve.org/view.php?id=CVE-2024-49258
Path Traversal: '.../...//' vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. Vulnerabilidad Path Traversal: '.../...//' en el complemento Limb WordPress Gallery Plugin – Limb Image Gallery. Este problema afecta al complemento WordPress Gallery Plugin – Limb Image Gallery: desde n/a hasta 1.5.7. The Limb Gallery | Create Beautiful Image & Video Galleries plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.5.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. • https://patchstack.com/database/vulnerability/limb-gallery/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-download-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-35: Path Traversal: '.../ •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49260 – WordPress Limb Gallery plugin <= 1.5.7 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49260
Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en el complemento Limb WordPress Gallery: Limb Image Gallery permite la inyección de código. Este problema afecta al complemento Limb WordPress Gallery: desde n/a hasta 1.5.7. The Limb Gallery | Create Beautiful Image & Video Galleries plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the GRSUploadHandler class in all versions up to, and including, 1.5.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/limb-gallery/wordpress-limb-gallery-plugin-1-5-7-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •