WordPress Plugin Vulnerabilities

Easy Media Gallery 1.2.25 - includes/emg-settings.php spg_add_admin Function Admin User Creation CSRF

Description

The Gallery – Photo Albums Plugin WordPress plugin was affected by an includes/emg-settings.php spg_add_admin Function Admin User Creation CSRF security vulnerability.

Affects Plugins

Plugin icon
easy-media-gallery
Fixed in 1.2.27

References

URL
https://incolumitas.com/2013/12/17/exploiting-wordpress-plugins-using-insecure-admin-forms-no-3-example-exploit-included/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Verified
No
WPVDB ID
1dc46d26-ec55-4ec5-b8d9-4dbf187b5c96

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-03-09 (about 6 years ago)

Other

Published
Title
Published
2023-10-03
Title
Social Proof Testimonials and Reviews by Repuso < 5.02 - CSRF
Published
2026-03-18
Title
Barcode Scanner with Inventory & Order Manager < 1.12.0 - Cross-Site Request Forgery
Published
2025-01-16
Title
Len Slider <= 2.0.11 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
Published
2024-04-05
Title
Easy Digital Downloads < 3.2.7 - Cross-Site Request Forgery
Published
2025-04-09
Title
Foliopress WYSIWYG <= 2.6.18 - Cross-Site Request Forgery to Stored Cross-Site Scripting