.. / CVE-2024-3097

Exploit for NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure (CVE-2024-3097)

Description:

The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.

Nuclei Template

View the template here CVE-2024-3097.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-3097.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-3097
https://www.wordfence.com/threat-intel/vulnerabilities/id/75f87f99-9f0d-46c2-a6f1-3c1ea0176303?source=cve
https://zpbrent.github.io/pocs/8-plugin-nextgen-gallery-InfoDis-20240327.mp4
https://github.com/fkie-cad/nvd-json-data-feeds
https://plugins.trac.wordpress.org/browser/nextgen-gallery/trunk/src/REST/Admin/Block.php#L40