What is CVE-2024-5481?

CVE-2024-5481 is a medium-severity vulnerability in 10web Photo Gallery By – Mobile-friendly Image, classified under Path Traversal: '.../...//'. CVSS score: 6.8/10. Published 2024-06-07.

How severe is CVE-2024-5481?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Path Traversal in 10web Photo Gallery By – Mobile-friendly Image

CVE-2024-5481

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cu…

EPSS: 0.016 (82.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H.

Affected products

10web Photo Gallery By – Mobile-friendly Image — versions 0

Weakness classification (CWE)

CWE-35 — Path Traversal: '.../...//'

References

www.wordfence.com/threat-intel/vulnerabilities/id/76c38826-4d49-4204-b6b6-b01d0…
plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.p…
plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.p…
plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.p…
plugins.trac.wordpress.org/changeset/3098798/
wordpress.org/plugins/photo-gallery/

Frequently asked questions

What is CVE-2024-5481?: CVE-2024-5481 is a medium-severity vulnerability in 10web Photo Gallery By – Mobile-friendly Image, classified under Path Traversal: '.../...//'. CVSS score: 6.8/10. Published 2024-06-07.
How severe is CVE-2024-5481?: Medium severity. CVSS v3 base score is 6.8 out of 10.