CVERadar

CVE-2024-49325

Severity: Critical
SVRS: 77/100
CVSSv3: 8.8/10
EPSS: 0.0008/1

CVE-2024-49325 is a critical security vulnerability in Photo Gallery Builder versions 3.0 and earlier: a broken access control issue reachable by subscribers. The flaw allows subscriber-level users to access or modify data they should not be able to reach. While the CVSS score is 8.8, SOCRadar's Vulnerability Risk Score (SVRS) is 77, indicating a high level of risk that warrants attention. The "In The Wild" tag indicates that this vulnerability is already being actively exploited. The CWE-862 classification shows that a required authorization check is missing. Successful exploitation could lead to data breaches, unauthorized content modification, and compromise of user privacy. Organizations using Photo Gallery Builder should immediately update to a patched version or implement mitigations to address this flaw. Although the SVRS is slightly below the critical threshold of 80, the active exploitation raises the urgency of remediation.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2024-10-20

2024-10-22
SOCRadar
AI Insight

Description

CVE-2024-49325 is a Subscriber Broken Access Control vulnerability in Photo Gallery Builder versions 3.0 and earlier. This vulnerability allows unauthorized users to access and modify subscriber data, potentially leading to account takeover, data theft, or other malicious activities. The SVRS for this CVE is 34, indicating a moderate level of risk.

Key Insights

  • Unauthorized Access: This vulnerability allows attackers to bypass access controls and gain unauthorized access to subscriber data, including personal information, passwords, and other sensitive information.
  • Account Takeover: Attackers can exploit this vulnerability to take over subscriber accounts, allowing them to impersonate legitimate users and perform malicious actions.
  • Data Theft: Unauthorized access to subscriber data can lead to data theft, including personal information, financial data, or other confidential information.

Mitigation Strategies

  • Update Software: Install the latest version of Photo Gallery Builder (3.1 or later) to patch the vulnerability.
  • Restrict Access: Implement access controls to limit access to subscriber data to authorized users only.
  • Monitor Activity: Monitor user activity for suspicious behavior and investigate any unauthorized access attempts.
  • Educate Users: Educate users about the importance of strong passwords and the risks of clicking on suspicious links or opening attachments from unknown senders.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: No active exploits have been published for this vulnerability.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning for this vulnerability.
  • In the Wild: This vulnerability is not known to be actively exploited in the wild.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-49325 | wpdiscover Photo Gallery Builder Plugin up to 3.0 on WordPress authorization
vuldb.com, 2024-10-20
CVE-2024-49325 | wpdiscover Photo Gallery Builder Plugin up to 3.0 on WordPress authorization | A vulnerability classified as problematic has been found in wpdiscover Photo Gallery Builder Plugin up to 3.0 on WordPress. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-49325. It is possible to initiate the attack remotely. There is no exploit available.

Social Media

CVE-2024-49325 Subscriber Broken Access Control in Photo Gallery Builder <= 3.0 versions. https://t.co/Wns8369XLS

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://patchstack.com/database/vulnerability/photo-gallery-builder/wordpress-photo-gallery-builder-plugin-3-0-broken-access-control-to-notice-dismissal-vulnerability?_s_id=cve

CWE Details

CWE ID: CWE-862
CWE Name: Missing Authorization
Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
