CVE-2019-14467

Social Photo Gallery <= 1.0 - Remote Code Execution

highImproper Control of Generation of Code ('Code Injection')

7.8

CVSS Score

7.8

CVSS Score

high

Severity

Unpatched

Patched in

N/A

Time to patch

Description

The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked.

CVSS Vector Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

High

Confidentiality

High

Integrity

High

Availability

Technical Details

Affected versions<=1.0

PublishedNovember 13, 2019

Last updatedJanuary 22, 2024

Affected pluginsocial-photo-gallery

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/546976ff-eabe-4d24-b106-b8e66b7c2c5a?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database