WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - CSRF

Kailash · Jun 16, 2022, 06:28 AM

WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change

Plugin name: Photo Gallery by Supsystic
Vulnerable versions: <= 1.15.5
Fixed in: N/A
CVE ID: CVE-2021-36891
Classification: Cross Site Request Forgery (CSRF)
Publicly disclosed: 2022-06-15

Vulnerability Details

Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change discovered by Rasi Afeef (Patchstack Alliance) in WordPress Photo Gallery by Supsystic plugin (versions <= 1.15.5).

Solution

No patched version available. It is recommended to disable and delete this plugin until there is a patch available to address this.

Plugin Link: https://wordpress.org/plugins/gallery-by-supsystic/

WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - CSRF

Kailash