CVE-2024-49325

4.3 MEDIUM

📋 TL;DR

This vulnerability lets Subscriber-level users (the lowest default WordPress role) dismiss admin notices that only administrators should be able to dismiss. The cause is broken access control in the Photo Gallery Builder plugin: the notice-dismissal handler does not check the capability of the user calling it. It affects WordPress sites running Photo Gallery Builder version 3.0 or earlier. The impact is limited to the notice-dismissal function; no other plugin or site data is reachable through it.
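The pattern behind this class of bug, shown as an added example rather than the plugin's own code: a WordPress AJAX handler that updates the "notice dismissed" state without asking who is calling, next to the hardened form that adds the capability and nonce checks. The hook name, option name, nonce action and function names are assumptions chosen for the example; Photo Gallery Builder's real identifiers are not on this page.

```php
<?php
/*
 * Illustrative reconstruction of the vulnerability class behind this CVE.
 * Added example, not the Photo Gallery Builder plugin's own code: the hook
 * name, option name, nonce action and function names are assumptions.
 */

// ---------------------------------------------------------------------------
// Vulnerable pattern. admin-ajax.php serves every logged-in user, and
// wp_ajax_{action} hooks fire for all of them, Subscribers included. This
// handler asks neither "who is calling?" nor "did they mean to?", so any
// Subscriber can POST action=pgb_example_dismiss_notice and hide the notice
// for every administrator (the dismissed flag is stored as a site-wide option).
// ---------------------------------------------------------------------------
function pgb_example_dismiss_notice_vulnerable() {
    update_option( 'pgb_example_notice_dismissed', 1 );
    wp_send_json_success();
}
// The vulnerable version registered itself like this. Left unregistered here
// so that only the hardened handler below answers the action:
// add_action( 'wp_ajax_pgb_example_dismiss_notice', 'pgb_example_dismiss_notice_vulnerable' );

// ---------------------------------------------------------------------------
// Hardened pattern: the same handler plus the two checks the vulnerable one
// lacks. Capability first (authorization), then the nonce (CSRF protection).
// The two checks are the whole fix; the rest of the handler is unchanged.
// ---------------------------------------------------------------------------
function pgb_example_dismiss_notice_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        // wp_send_json_error() ends the request via wp_die(); nothing below runs.
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
    // Dies with HTTP 403 if the "nonce" POST field is missing or invalid.
    check_ajax_referer( 'pgb_example_dismiss_notice', 'nonce' );

    update_option( 'pgb_example_notice_dismissed', 1 );
    wp_send_json_success();
}
add_action( 'wp_ajax_pgb_example_dismiss_notice', 'pgb_example_dismiss_notice_fixed' );

// The notice itself: rendered only for administrators, and it carries the
// nonce that the dismissal request must send back as the "nonce" POST field.
function pgb_example_render_notice() {
    if ( ! current_user_can( 'manage_options' ) || get_option( 'pgb_example_notice_dismissed' ) ) {
        return;
    }
    printf(
        '<div class="notice notice-warning is-dismissible" data-pgb-nonce="%s"><p>%s</p></div>',
        esc_attr( wp_create_nonce( 'pgb_example_dismiss_notice' ) ),
        esc_html__( 'Example admin-only notice.', 'pgb-example' )
    );
}
add_action( 'admin_notices', 'pgb_example_render_notice' );
```

The client side (not shown) POSTs action=pgb_example_dismiss_notice and the nonce from the data-pgb-nonce attribute to /wp-admin/admin-ajax.php. Note the order of the checks: the capability test comes first so that a low-privileged caller is refused before any nonce handling, and the nonce test is still needed because a logged-in administrator can otherwise be made to dismiss the notice by a cross-site request.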

💻 Affected Systems

Products:
  • WordPress Photo Gallery Builder Plugin
Versions: <= 3.0
Operating Systems: All platforms running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a WordPress site with the Photo Gallery Builder plugin active and at least one Subscriber-level account. With open registration (Settings > General > "Anyone can register") any visitor can create such an account, since Subscriber is the default role for new users.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Subscribers could dismiss important security or maintenance notices intended only for administrators, potentially causing administrators to miss critical alerts.

🟠

Likely Case

Subscribers accidentally or intentionally dismiss non-critical admin notices, causing minor administrative inconvenience.

🟢

If Mitigated

With the patch applied, the dismissal handler checks the caller's capability, so Subscribers can no longer dismiss administrator notices and the vulnerability has no remaining impact.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: No
Weaponized: No
Unauthenticated Exploit: No
Complexity: LOW

Exploitation requires an authenticated Subscriber-level session; from there a single POST to /wp-admin/admin-ajax.php carrying the plugin's dismissal action is enough, which is why complexity is rated low. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 3.0 (the first release after 3.0; check the vendor advisory for the exact version number)

Vendor Advisory: https://patchstack.com/database/vulnerability/photo-gallery-builder/wordpress-photo-gallery-builder-plugin-3-0-broken-access-control-to-notice-dismissal-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Photo Gallery Builder'.
4. Click 'Update Now' if an update is available.
5. Alternatively, download the latest version from the WordPress plugin repository and replace the plugin files.

🔧 Temporary Workarounds

Remove subscriber access

Applies to: all

Temporarily disable open user registration (Settings > General > "Anyone can register") and suspend or remove existing Subscriber accounts until the patch is applied. Closing registration matters as much as removing accounts: while it is open, anyone can create the Subscriber account the exploit needs. This is disruptive on sites that rely on subscriber logins, so deactivating the plugin is usually the cheaper workaround.

Disable plugin

Applies to: all

Deactivate Photo Gallery Builder if it is not essential. The vulnerable handler is only registered while the plugin is active, so deactivation removes the exposed action entirely.

🧯 If You Can't Patch

  • Restrict who can reach the plugin's notice-dismissal action: a must-use plugin that refuses the action to anyone without the manage_options capability before the plugin's own handler runs, or a security plugin that can block specific admin-ajax.php actions for low-privileged roles.
  • WordPress keeps no log of notice dismissals by default. Log POST requests to /wp-admin/admin-ajax.php at the web server or with an activity-log plugin, and review which accounts issue the dismissal action.
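One way to implement the first of those points, as an added example that is not Photo Gallery Builder's code: a must-use plugin that hooks the dismissal action at priority 0, ahead of the plugin's own handler, and ends the request for anyone who lacks manage_options. The action name in the list is a placeholder; the plugin's real action name is not given on this page and has to be taken from its admin-notice code or from the request an administrator's browser sends when dismissing the notice.

```php
<?php
/*
 * Plugin Name: Gate admin-only AJAX actions (added example)
 * Description: Must-use plugin (drop the file into wp-content/mu-plugins/)
 * that refuses a list of admin-ajax.php actions to anyone without the
 * manage_options capability, before the plugin's own handler runs.
 * Added example, not Photo Gallery Builder's code. The action name below is
 * a PLACEHOLDER: read the real one out of the plugin's admin-notice code, or
 * capture the POST to admin-ajax.php that an administrator's browser sends
 * when dismissing the notice, and put that value here.
 */

const PGB_EXAMPLE_GATED_ACTIONS = array(
    'pgb_dismiss_notice', // placeholder, not the plugin's real action name
);

function pgb_example_gate_ajax_action() {
    if ( current_user_can( 'manage_options' ) ) {
        return; // administrators fall through to the plugin's own handler
    }
    // Leave a trace for the detection section. error_log() writes to the PHP
    // error log, or to wp-content/debug.log when WP_DEBUG_LOG is enabled.
    error_log( sprintf(
        'gated admin-ajax action "%s" from user id %d',
        sanitize_key( $_REQUEST['action'] ?? '' ),
        get_current_user_id()
    ) );
    // wp_send_json_error() calls wp_die(), so later callbacks on this hook
    // (the plugin's own handler at the default priority 10) never execute.
    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

foreach ( PGB_EXAMPLE_GATED_ACTIONS as $pgb_example_action ) {
    // Priority 0 runs ahead of the plugin's handler. mu-plugins also load
    // before ordinary plugins, so this hook is registered first either way.
    add_action( 'wp_ajax_' . $pgb_example_action, 'pgb_example_gate_ajax_action', 0 );
}
```

This only covers dismissals that go through admin-ajax.php. If the plugin instead handles a query parameter on a normal admin page load (an admin_init or admin_post_ handler), the same capability test has to be hooked there. The error_log() call is optional; it exists so that blocked attempts show up somewhere a SIEM can read.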

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin > Plugins > Photo Gallery Builder version. If version is 3.0 or lower, system is vulnerable.

Check Version:

wp plugin list --name=photo-gallery-builder --field=version

Verify Fix Applied:

Verify plugin version is greater than 3.0 in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Subscriber-level accounts issuing the plugin's notice-dismissal action. WordPress does not log this itself, so the indicator has to come from web-server access logs joined to the logged-in user (via an activity-log plugin or a WAF), not from core logs.
  • POST requests to /wp-admin/admin-ajax.php carrying the dismissal action from accounts that are not administrators.

Network Indicators:

  • HTTP POST requests to /wp-admin/admin-ajax.php carrying the notice-dismissal action from sessions that belong to Subscriber accounts. An IP address alone does not identify the role; correlate on the logged-in user, and treat any such request from a non-administrator as suspicious.

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" AND action="dismiss_notice" AND user_role="subscriber")

The action value and the user_role field in this query are placeholders. Confirm the plugin's actual AJAX action name from its code before using the query, and note that a stock web-server access log records neither the POST body (where the action is sent) nor the caller's role, so the query assumes logs enriched with both, for example from an activity-log plugin or a WAF.
