Description

WordPress Plugin WORDPRESS VIDEO GALLERY is prone to an open email relay vulnerability that lets attackers send mass emails without authentication. An attacker could exploit this issue to send unsolicited spam email to an unrestricted number of email addresses. WordPress Plugin WORDPRESS VIDEO GALLERY version 2.8 is vulnerable; other versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

http://www.homelab.it/index.php/2015/05/22/wordpress-video-gallery-2-8-unprotected-mail-page/

https://www.exploit-db.com/exploits/37106/

http://packetstormsecurity.com/files/132015/WordPress-Video-Gallery-2.8-Unprotected-Mail-Page.html

Related Vulnerabilities

Oracle Database Server CVE-2008-2590 Vulnerability (CVE-2008-2590)

WordPress 5.3.x Directory Traversal (5.3 - 5.3.17)

WordPress Plugin Companion Revision Manager-Revision Control Unspecified Vulnerability (1.3)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7136)

MySQL CVE-2024-21197 Vulnerability (CVE-2024-21197)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update