CVE-2024-12237

4.3 MEDIUM

📋 TL;DR

This SSRF vulnerability in the WordPress Photo Gallery Slideshow & Masonry Tiled Gallery plugin allows authenticated users (even with low-privilege Subscriber accounts) to make arbitrary web requests from the vulnerable server. Attackers can use this to probe internal networks and retrieve limited information from internal services. All WordPress sites using this plugin up to version 1.0.15 are affected.

💻 Affected Systems

Products:
  • Photo Gallery Slideshow & Masonry Tiled Gallery WordPress plugin
Versions: All versions up to and including 1.0.15
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin enabled. Attackers need at least Subscriber-level WordPress authentication.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access sensitive internal services, retrieve credentials or configuration data from internal endpoints, or use the vulnerable server as a proxy for attacks against internal infrastructure.

🟠 Likely Case

Attackers will use this to scan internal networks, identify internal services, and potentially retrieve limited information from misconfigured internal endpoints that don't require authentication.

🟢 If Mitigated

With proper network segmentation and internal service authentication, impact is limited to information disclosure about internal network structure and service availability.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires WordPress authentication but only at Subscriber level (lowest privileged authenticated role). The vulnerability is in a publicly accessible AJAX callback function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.16 or later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3157548/wp-responsive-photo-gallery/trunk/wp-responsive-photo-gallery.php

Restart Required: No

Instructions:

  1. Log into the WordPress admin panel.
  2. Navigate to Plugins > Installed Plugins.
  3. Find 'Photo Gallery Slideshow & Masonry Tiled Gallery'.
  4. Click 'Update Now' if an update is available.
  5. If no update appears, manually download version 1.0.16+ from WordPress.org and replace the plugin files.

🔧 Temporary Workarounds

Disable vulnerable plugin (applies to: all)

Temporarily disable the plugin until patched:

wp plugin deactivate wp-responsive-photo-gallery

Restrict AJAX endpoints (applies to: all)

Use a web application firewall to block access to the vulnerable AJAX callback:

# Add WAF rule to block requests to /wp-admin/admin-ajax.php with action=rjg_get_youtube_info_justified_gallery

🧯 If You Can't Patch

  • Remove Subscriber role access or implement additional authentication for AJAX endpoints
  • Implement network-level restrictions to prevent outbound requests from web servers to internal networks

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Photo Gallery Slideshow & Masonry Tiled Gallery > Version. If version is 1.0.15 or lower, you are vulnerable.

Check Version:

wp plugin get wp-responsive-photo-gallery --field=version

Verify Fix Applied:

After update, verify plugin version shows 1.0.16 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /wp-admin/admin-ajax.php with action=rjg_get_youtube_info_justified_gallery
  • Web server making outbound requests to internal IP addresses or unusual domains

Network Indicators:

  • Web server initiating HTTP requests to internal network segments
  • Unusual outbound traffic patterns from web server to non-standard ports

SIEM Query:

source="web_server_logs" AND uri="/wp-admin/admin-ajax.php" AND post_data CONTAINS "action=rjg_get_youtube_info_justified_gallery"
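As an added detection example (not code from the original page or from the plugin's vendor), the script below applies the log indicator above to constructed Apache/nginx combined-format access log lines, matching the vulnerable action name only where it appears in the query string. Standard access logs do not record POST bodies, so a POSTed action value is only visible with request-body logging or at the WAF; the SIEM query above assumes such a post_data field exists.

```python
import re
import urllib.parse
from collections import Counter

# Vulnerable AJAX action named on this page (CVE-2024-12237).
SUSPECT_ACTION = "rjg_get_youtube_info_justified_gallery"

# Constructed sample lines in combined log format; IPs are documentation
# ranges, not real traffic. Lines 1-2 carry the action, lines 3-4 do not.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=rjg_get_youtube_info_justified_gallery HTTP/1.1" 200 512 "-" "curl/8.4.0"
203.0.113.7 - - [10/Jan/2025:10:01:05 +0000] "GET /wp-admin/admin-ajax.php?_=1&action=rjg_get_youtube_info_justified_gallery HTTP/1.1" 200 734 "-" "curl/8.4.0"
198.51.100.3 - - [10/Jan/2025:10:02:11 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 88 "https://example.test/wp-admin/" "Mozilla/5.0"
198.51.100.3 - - [10/Jan/2025:10:02:30 +0000] "GET /wp-content/plugins/wp-responsive-photo-gallery/js/gallery.js HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

def parse_line(line):
    """Return the captured fields as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_suspect(entry):
    """True when the request targets admin-ajax.php with the vulnerable action."""
    path, _, query = entry["target"].partition("?")
    if not path.endswith("/wp-admin/admin-ajax.php"):
        return False
    # parse_qs handles any parameter order and URL encoding of the value.
    params = urllib.parse.parse_qs(query)
    return SUSPECT_ACTION in params.get("action", [])

def find_hits(log_text):
    """All parsed entries that match the indicator, in log order."""
    return [e for e in map(parse_line, log_text.splitlines()) if e and is_suspect(e)]

def hits_by_source(log_text):
    """Count matching requests per client IP; repeated hits from one IP suggest probing."""
    return Counter(h["ip"] for h in find_hits(log_text))

if __name__ == "__main__":
    for ip, n in hits_by_source(SAMPLE_LOG).items():
        print(f"{ip}: {n} request(s) to the vulnerable AJAX action")
```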
