CVE-2024-10535

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 6, 2024

Updated: Nov 8, 2024

CWE ID 862

Summary

CVE-2024-10535 is a vulnerability affecting the Video Gallery plugin for WooCommerce on WordPress. The issue lies in the missing capability check on the remove_unused_thumbnails() function. Hackers can exploit this vulnerability by deleting thumbnails in the video-wc-gallery-thumb directory without authentication. Successful exploitation allows unauthenticated attackers to manipulate data within the plugin, potentially leading to significant security risks. All versions up to and including 1.31 are reportedly affected. Users are advised to update the plugin to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database