CVE-2024-11002

CVSS v3: 6.3 (MEDIUM)
CVSS v2: N/A
Affected: 1 project

Description

The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.
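
A hardened handler pattern for the flaw class described above, as an added example that is not the plugin's code or its actual fix. The hook suffix, function name, `gallery_id` parameter, nonce action and `[example_gallery]` tag are hypothetical, and the `edit_posts` capability is an assumption about who should use such a feature.

```php
<?php
// Added example, not the plugin's code. The handler name, the 'gallery_id'
// parameter, the nonce action and the [example_gallery] tag are hypothetical.
// Unsafe pattern from the description: a wp_ajax_ handler that passes a
// request value to do_shortcode() without validating it, so any logged-in
// user (Subscriber and above) can run any registered shortcode.

add_action('wp_ajax_example_gallery_get_template', 'example_gallery_get_template');
// No wp_ajax_nopriv_ hook: unauthenticated callers never reach the handler.

function example_gallery_get_template() {
    // 1. Reject requests without a valid nonce (the request dies on failure).
    check_ajax_referer('example_gallery_template', 'nonce');

    // 2. wp_ajax_ only proves the caller is logged in. Require a capability
    //    that matches who is meant to use the feature (assumed: editors of posts).
    if (!current_user_can('edit_posts')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    // 3. Accept data, not shortcode text: take an integer ID and nothing else.
    $gallery_id = isset($_POST['gallery_id'])
        ? absint(wp_unslash($_POST['gallery_id']))
        : 0;
    if ($gallery_id === 0) {
        wp_send_json_error(array('message' => 'Invalid gallery ID'), 400);
    }

    // 4. Build the shortcode server-side from a fixed tag and the validated
    //    value, so the caller cannot choose which shortcode runs.
    $html = do_shortcode(sprintf('[example_gallery id="%d"]', $gallery_id));

    wp_send_json_success(array('html' => $html));
}
```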

InPost Gallery – Powerful and very pleasant photo gallery plugin to work with images in WordPress.

5 galleries in one plugin. Do not read documentations – install and use!
Unique functionality: Each gallery can be presented on the page as one clickable image!!!

Insert such little image in any widget, and your customers will be able to watch big galleries by one click!

The Backend is powered with visual shortcodes management where you only by mouse can change view of your post gallery on front.
You do not need go to another pages with amount of options.

Just install and use, all you need it is popup with shortcode options in your current page editor.

Good for photographers and portfolios.

The plugin can be used as woocommerce images gallery (http://inpost-gallery.pluginus.net/woocommerce-images-gallery/)

Supports: multiple images uploading, css effects (like round corners of images with shadow).

PHP 8.x compatible!

License

This plugin is copyright pluginus.net ©2012-2026 with GNU General Public License (http://www.gnu.org/copyleft/gpl.html) by realmag777.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License (http://www.gnu.org/copyleft/gpl.html) as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY. See the GNU General Public License for more details.
WordPress Plugin Directory
71K