Photo Gallery by 10Web – Mobile-Friendly Image Gallery < 1.8.20 – Directory Traversal to Arbitrary File Rename | CVE 2024-0221 | Plugin Vulnerabilities

Description

The plugin is vulnerable to Directory Traversal attacks via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server.
Note: By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors.

Affects Plugins

Fixed in 1.8.20

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918

Classification

Type

LFI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Bence Szalai

Verified

No

WPVDB ID

3cbf5904-074f-4d48-99b8-93fb98c08f7c

Timeline

Publicly Published

2024-01-19 (about 2 years ago)

Added

2024-01-24 (about 2 years ago)

Last Updated

2024-01-24 (about 2 years ago)

Other

Published

Title

Published

2026-02-05

Title

Woo File Dropzone <= 1.1.7 - Authenticated (Subscriber+) Arbitrary File Deletion

Published

2025-07-16

Title

Formality < 1.5.10 - Unauthenticated Local File Inclusion

Published

2015-07-07

Title

S3Bubble Amazon S3 Video And Audio Streaming With Analytics <= 2.0 - Arbitrary File Download

Published

2025-09-23

Title

BM Content Builder < 3.16.3.3 - Authenticated (Contributor+) Arbitrary File Deletion

Published

2014-08-01

Title

OPS Old Post Spinner 2.2.1 - LFI