CVE-2024-3899

4.8 MEDIUM

📋 TL;DR

The Gallery Plugin for WordPress versions before 1.8.15 contains a cross-site scripting (XSS) vulnerability in image settings. This allows authenticated users with post-writing privileges (like Authors) to inject malicious scripts that execute when administrators view affected pages. WordPress sites using vulnerable plugin versions are affected.

💻 Affected Systems

Products:
  • Gallery Plugin for WordPress
Versions: All versions before 1.8.15
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the Gallery Plugin and at least one user with Author or higher privileges.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with Author privileges could steal administrator session cookies, perform administrative actions on behalf of the admin, or redirect users to malicious sites.

🟠 Likely Case

Attackers with Author accounts inject malicious scripts that execute when administrators view plugin settings, potentially leading to session hijacking or site defacement.

🟢 If Mitigated

With proper user access controls and Content Security Policy headers, impact is limited to the specific administrator's session viewing the malicious content.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with post-writing privileges. The vulnerability is in image settings fields that lack proper sanitization.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.15

Vendor Advisory: https://wpscan.com/vulnerability/e3afadda-4d9a-4a51-b744-10de7d8d8578/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Gallery Plugin' and click 'Update Now'.
4. Verify the version shows 1.8.15 or higher.

🔧 Temporary Workarounds

Remove Author Privileges (applies to: all)

Temporarily downgrade or remove the Author role from untrusted users until patching is complete.

Disable Plugin (applies to: all)

Deactivate the Gallery Plugin if it is not essential for site functionality.

🧯 If You Can't Patch

  • Implement strict Content Security Policy headers to mitigate XSS impact
  • Audit and limit Author role assignments to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins → Gallery Plugin version. If version is below 1.8.15, system is vulnerable.

Check Version:

wp plugin list --name=gallery-plugin --field=version

Verify Fix Applied:

Confirm Gallery Plugin version shows 1.8.15 or higher in WordPress admin plugins page.
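A version check is easy to get wrong if versions are compared as strings ("1.8.9" sorts after "1.8.15" lexicographically). The script below is an added example, not part of the advisory or the plugin: it parses dotted version strings into integer tuples and compares them against the first fixed release, and optionally reads the installed version from WP-CLI using the `wp plugin list` command shown above. The plugin slug `gallery-plugin` is taken from that command; `FIXED_VERSION` is the patch version stated in this advisory.

```python
# Added example (not from the advisory): numeric version comparison against
# the first fixed release of the Gallery Plugin (1.8.15 per the advisory).
import re
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "1.8.15"  # patch version stated in the advisory


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.8.15' (or '1.8.15-beta', suffix ignored) into (1, 8, 15)."""
    core = version.strip().split("-")[0]
    parts = re.findall(r"\d+", core)
    if not parts:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fixed one.

    Tuples are padded with zeros so that '1.8' compares as '1.8.0'.
    """
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def installed_version(slug: str = "gallery-plugin") -> Optional[str]:
    """Ask WP-CLI for the installed plugin version.

    Returns None when `wp` is not on PATH, the command fails, or the
    plugin is not installed (empty output).
    """
    cmd = ["wp", "plugin", "list", f"--name={slug}", "--field=version"]
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, check=True)
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    version = installed_version()
    if version is None:
        print("could not determine gallery-plugin version (is WP-CLI on PATH?)")
    else:
        state = "VULNERABLE" if is_vulnerable(version) else "patched"
        print(f"gallery-plugin {version}: {state} (fixed in {FIXED_VERSION})")
```

Run it from the WordPress root (where WP-CLI can find `wp-config.php`); the comparison functions can also be reused in a fleet-wide check that reads versions from an inventory instead of WP-CLI.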

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to gallery plugin settings endpoints
  • Multiple failed login attempts followed by successful Author login

Network Indicators:

  • Suspicious JavaScript payloads in gallery-related HTTP requests

SIEM Query:

source="wordpress.log" AND "gallery-plugin" AND ("POST" OR "update") AND ("script" OR "javascript" OR "onload")
