CVE-2024-9778
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-9778 is a Cross-Site Request Forgery (CSRF) vulnerability in the ImagePress – Image Gallery plugin for WordPress, affecting all versions up to and including 1.2.2. The plugin's 'imagepress_admin_page' function saves settings without correctly validating a nonce, so a request that updates them cannot be distinguished from one forged by a third-party page. An unauthenticated attacker who persuades a logged-in site administrator to click a malicious link or visit an attacker-controlled page can therefore change plugin settings, including redirection URLs, using the administrator's own session. The issue is fixed in version 1.2.3; site operators should update to 1.2.3 or later. The CVSS 3.1 base score is 4.3 (medium) with an exploitability sub-score of 2.8: the attack is reachable over the network and needs no privileges, but it requires user interaction and its impact is limited to unauthorized changes in plugin configuration. Organizations running affected versions should prioritize the update to prevent those configuration changes and the redirection attacks they enable.
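The following is an added example, not the ImagePress plugin's code, showing the general pattern behind this class of bug: a WordPress admin page that writes a redirect-URL option from a POST body, first without a nonce check and then with one. All function names prefixed `example_`, the option name `example_redirect_url`, and the nonce action `example_save_settings` are hypothetical; the WordPress APIs used (`add_options_page`, `current_user_can`, `wp_nonce_field`, `check_admin_referer`, `update_option`, `get_option`, `esc_url_raw`, `submit_button`) are real core functions.

```php
<?php
/**
 * Added example (hypothetical plugin code, not ImagePress).
 * Demonstrates a CSRF-prone admin settings handler and its hardened form.
 */

// Register a settings page for both handlers so the example is loadable as a plugin.
add_action( 'admin_menu', function () {
    add_options_page( 'Example (vulnerable)', 'Example (vulnerable)', 'manage_options',
        'example-vulnerable', 'example_admin_page_vulnerable' );
    add_options_page( 'Example (hardened)', 'Example (hardened)', 'manage_options',
        'example-hardened', 'example_admin_page_hardened' );
} );

/**
 * VULNERABLE: the option is written whenever the POST field is present.
 * Only the admin's logged-in cookie authorizes the request, and the browser
 * attaches that cookie to any POST the admin is tricked into sending, including
 * one auto-submitted from an attacker's page. Nothing here proves the request
 * originated from this form.
 */
function example_admin_page_vulnerable() {
    if ( isset( $_POST['example_redirect_url'] ) ) {
        update_option( 'example_redirect_url',
            sanitize_text_field( wp_unslash( $_POST['example_redirect_url'] ) ) );
    }
    $current = get_option( 'example_redirect_url', '' );
    ?>
    <div class="wrap">
        <h1>Example settings (vulnerable)</h1>
        <form method="post" action="">
            <label>Redirect URL
                <input type="url" name="example_redirect_url"
                       value="<?php echo esc_attr( $current ); ?>">
            </label>
            <?php submit_button( 'Save' ); ?>
        </form>
    </div>
    <?php
}

/**
 * HARDENED: a capability check plus a nonce tied to this action and this user.
 * The nonce is emitted into the form by wp_nonce_field() and is unknown to a
 * cross-origin attacker page, so a forged POST arrives without a valid value and
 * check_admin_referer() terminates the request with a 403 before anything is saved.
 */
function example_admin_page_hardened() {
    // Capability check: stops low-privilege users, but on its own does NOT stop CSRF,
    // because the forged request carries a real administrator's session.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You do not have permission to change these settings.', 'example' ), 403 );
    }

    if ( isset( $_POST['example_save'] ) ) {
        // Verifies $_POST['example_nonce'] against the 'example_save_settings' action
        // for the current user; calls wp_die() on failure, so code below only runs
        // for requests that really came from the form rendered below.
        check_admin_referer( 'example_save_settings', 'example_nonce' );

        $url = isset( $_POST['example_redirect_url'] )
            ? esc_url_raw( wp_unslash( $_POST['example_redirect_url'] ) )
            : '';
        update_option( 'example_redirect_url', $url );
        add_settings_error( 'example', 'saved', 'Settings saved.', 'updated' );
    }

    $current = get_option( 'example_redirect_url', '' );
    settings_errors( 'example' );
    ?>
    <div class="wrap">
        <h1>Example settings (hardened)</h1>
        <form method="post" action="">
            <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
            <label>Redirect URL
                <input type="url" name="example_redirect_url"
                       value="<?php echo esc_attr( $current ); ?>">
            </label>
            <?php submit_button( 'Save', 'primary', 'example_save' ); ?>
        </form>
    </div>
    <?php
}
```

When auditing a plugin for this pattern, the check is mechanical: every code path that calls `update_option()` (or otherwise mutates state) from `$_POST`/`$_GET`/`$_REQUEST` must be preceded by `check_admin_referer()`, or by `wp_verify_nonce()` whose false return actually aborts the write. A `current_user_can()` check alone is not sufficient, since the victim of a CSRF attack already holds the required capability. Note also that WordPress nonces are valid for roughly 12 to 24 hours rather than single-use, so they defend against forged requests from other origins but are not a replacement for authorization checks.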