Welcome to WordPress Community Forum. Please login or sign up.

Dec 07, 2024, 09:38 PM

Login with username, password and session length

Shoutbox


Recent

Members
Stats
  • Total Posts: 55
  • Total Topics: 45
  • Online today: 3
  • Online ever: 136 (Apr 17, 2022, 11:37 PM)
Users Online
  • Users: 0
  • Guests: 3
  • Total: 3
3 Guests, 0 Users

WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - CSRF

Started by Kailash, Jun 16, 2022, 06:28 AM

Previous topic - Next topic

WordPress Premium Themes


Kailash

WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change

Plugin name: Photo Gallery by Supsystic
Vulnerable versions: <= 1.15.5
Fixed in: N/A
CVE ID: CVE-2021-36891
Classification: Cross Site Request Forgery (CSRF)
Publicly disclosed: 2022-06-15

Vulnerability Details

Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change discovered by Rasi Afeef (Patchstack Alliance) in WordPress Photo Gallery by Supsystic plugin (versions <= 1.15.5).

Solution

No patched version available. It is recommended to disable and delete this plugin until there is a patch available to address this.

Plugin Link: https://wordpress.org/plugins/gallery-by-supsystic/

WordPress Premium Themes