← Back to CVE List

CVE-2024-5343

Published: 2024-06-19T06:15Z
Last Modified: 2024-11-21T09:47Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This makes it possible for unauthenticated attackers to create new posts and reset gallery view counts via a forged request granted they can trick a Contributor+ level user into performing an action such as clicking on a link. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt