WordPress Plugin Vulnerabilities

Galleria <= 1.0.3 - Cross-Site Request Forgery

Description

The plugin does not properly verify requests use nonces, leading to a potential Cross-Site Request Forgery (CSRF) vulnerability.

Affects Plugins

Plugin icon
galleria
No known fix

References

CVE
CVE-2023-35780
URL
https://patchstack.com/database/vulnerability/galleria/wordpress-galleria-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
LEE SE HYOUNG
Verified
No
WPVDB ID
3992d73a-04ef-4d33-8313-76f5a6c9bb63

Timeline

Publicly Published
2023-06-16 (about 2 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2024-05-24
Title
WP Prayer II < 2.4.8 - Settings Update via CSRF
Published
2023-04-19
Title
Pearl < 1.3.5 - CSRF
Published
2025-01-16
Title
Book a Place <= 0.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2021-08-25
Title
Nested Pages < 3.1.16 - CSRF to Arbitrary Post Deletion and Modification
Published
2024-02-20
Title
RegistrationMagic < 5.2.6.0 - Cross-Site Request Forgery