CVE-2024-10958

Published Nov 10, 2024

Last updated 3 days ago

Overview

Description
The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via the getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.3
Impact score: 3.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: HIGH

Weaknesses

CWE-94 (source: security@wordfence.com)

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

  1. Top Exploits from this week as per Sploitus[x]com (I'll be posting those that are interesting enough, check out their website - it changes regularly) No 2. Exploit for Code Injection in Wppa Wp Photo Album Plus CVE-2024-10958 PoC code for unauthenticated arbitrary shortcode… ht

    @offsitedark

    16 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-10958 (CVSS:7.3, HIGH) is Analyzed. The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrendere..https://t.co/FmDdN4gxDk #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    15 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-10958 (Published: 2024-11-10) affects WP Photo Album Plus plugin for WordPress. This vulnerability impacts multiple versions. To safeguard your site, update to the latest version immediately. Stay secure! 🔒 More info: https://t.co/Fi6UgPY3h5 #WordPress #Security

    @transilienceai

    14 Nov 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2024-10958 (Published: 2024-11-10) - A high-severity vulnerability affects WP Photo Album Plus plugin. Ensure you're using the latest version to mitigate risks. Check for updates and apply remediation ASAP! More info: https://t.co/Fi6UgPY3h5 #WordPress #Security

    @transilienceai

    14 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2024-10958 (Published: 2024-11-10) - Critical vulnerability in WP Photo Album Plus. Affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For more details, check the changeset: https://t.co/iVFk6tec5h #WordPress… https://

    @transilienceai

    14 Nov 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 CVE-2024-10958 (Published: 2024-11-10) - A critical vulnerability in WP Photo Album Plus affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For details, check the changeset: https://t.co/iVFk6tec5h #WordPress… https://t.co

    @transilienceai

    14 Nov 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 CVE-2024-10958 (Published: 2024-11-10) - A high-severity vulnerability in WordPress plugin WP Photo Album Plus (versions prior to 8.8.08.004) has been identified. Users are urged to update to the latest version to mitigate risks. More info: https://t.co/fXIenAcUfv #WordPress…

    @transilienceai

    14 Nov 2024

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2024-10958 (Published: 2024-11-10) - A medium severity vulnerability affects Wordfence. Ensure your Wordfence plugin is updated to the latest version to mitigate risks. For detailed insights and remediation steps, visit: https://t.co/f23RYBM97q #CyberSecurity

    @transilienceai

    11 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 CVE-2024-10958 (Published: 2024-11-10) affects WP Photo Album Plus plugin for WordPress. This low-severity vulnerability impacts multiple versions. Users are urged to update to the latest version to mitigate risks. Stay secure! 🔒 More info: https://t.co/Fi6UgPYB6D #WordPress…

    @transilienceai

    11 Nov 2024

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 CVE-2024-10958 (Published: 2024-11-10) - A low-severity vulnerability affects WordPress plugin WP Photo Album Plus. Ensure you're using the latest version to mitigate risks. For more details and remediation steps, visit: https://t.co/Fi6UgPYB6D #WordPress #Security

    @transilienceai

    11 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 CVE-2024-10958 (Published: 2024-11-10) - A high-severity vulnerability in WP Photo Album Plus plugin affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. For more details, visit: https://t.co/Fi6UgPYB6D #WordPress #Security

    @transilienceai

    11 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 CVE-2024-10958 (Published: 2024-11-10) - Critical vulnerability in WP Photo Album Plus. Affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. Stay secure! 🔒 More info: https://t.co/iVFk6teJUP #WordPress #SecurityUpdate

    @transilienceai

    11 Nov 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 CVE-2024-10958 (Published: 2024-11-10) - Critical vulnerability in WP Photo Album Plus. Affects multiple versions. 🛠️ Remediation: Update to the latest version to protect your site. Stay secure! 🔒 More info: https://t.co/iVFk6teJUP #WordPress #Security #CVE

    @transilienceai

    11 Nov 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2024-10958 Arbitrary Shortcode Execution in WP Photo Album Plus Plugin The WP Photo Album Plus plugin for WordPress has a vulnerability in all versions up to 8.8.08.007. This issue is linked to the getshortco... https://t.co/4sMFSK1sIV

    @VulmonFeeds

    10 Nov 2024

    75 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  15. A new vulnerability with increased severity was disclosed for WP Photo Album Plus Plugin (CVE-2024-10958) https://t.co/NzxiiBGw7b

    @vuldb

    10 Nov 2024

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2024-10958 The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, … https://t.co/IdTtxGrtxN

    @CVEnew

    10 Nov 2024

    700 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations