CVE-2024-4386
Gallery Block (Meow Gallery) <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Gallery Block (Meow Gallery) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data_atts’ parameter in versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
El complemento Gallery Block (Meow Gallery) para WordPress es vulnerable a Cross-Site Scripting Almacenado a través del parámetro 'data_atts' en versiones hasta la 5.1.3 incluida debido a una sanitización de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de colaborador y superiores, inyecten scripts web arbitrarios en páginas que se ejecutarán cada vez que un usuario acceda a una página inyectada.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-01 CVE Reserved
- 2024-05-08 CVE Published
- 2024-05-15 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tigroumeow Search vendor "Tigroumeow" | Gallery Block (Meow Gallery) Search vendor "Tigroumeow" for product "Gallery Block (Meow Gallery)" | <= 5.1.3 Search vendor "Tigroumeow" for product "Gallery Block (Meow Gallery)" and version " <= 5.1.3" | en |
Affected
| ||||||