CVE-2024-32778 - Vulnerability Details - OpenCVE

Missing Authorization vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Contest-gallery	Contest Gallery

Configuration 1 [-]

cpe:2.3:a:contest-gallery:contest_gallery:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-4-arbitrary-file-deletion-vulnerability?_s_id=cve

History

Thu, 03 Apr 2025 01:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Contest-gallery Contest-gallery contest Gallery
CPEs		cpe:2.3:a:contest-gallery:contest_gallery::::::wordpress::*
Vendors & Products		Contest-gallery Contest-gallery contest Gallery

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-06-09T13:08:35.221Z

Updated: 2024-08-02T02:20:35.285Z

Reserved: 2024-04-18T09:15:05.276Z

Link: CVE-2024-32778

Vulnrichment

Updated: 2024-06-10T14:12:09.319Z

NVD

Status : Analyzed

Published: 2024-06-09T13:15:50.080

Modified: 2025-04-03T00:38:31.813

Link: CVE-2024-32778

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32778", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-04-18T09:15:05.276Z", "datePublished": "2024-06-09T13:08:35.221Z", "dateUpdated": "2024-08-02T02:20:35.285Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "contest-gallery", "product": "Contest Gallery", "vendor": "Contest Gallery", "versions": [{"changes": [{"at": "21.3.5", "status": "unaffected"}], "lessThanOrEqual": "21.3.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "CatFather (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Contest Gallery.<p>This issue affects Contest Gallery: from n/a through 21.3.4.</p>"}], "value": "Missing Authorization vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-09T13:08:35.221Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-4-arbitrary-file-deletion-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 21.3.5 or a higher version."}], "value": "Update to 21.3.5 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Contest Gallery plugin <= 21.3.4 - Arbitrary File Deletion vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-10T14:12:06.234543Z", "id": "CVE-2024-32778", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T14:12:12.016Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:20:35.285Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-4-arbitrary-file-deletion-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32778", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-04-18T09:15:05.276Z", "datePublished": "2024-06-09T13:08:35.221Z", "dateUpdated": "2024-06-10T14:12:12.016Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "contest-gallery", "product": "Contest Gallery", "vendor": "Contest Gallery", "versions": [{"changes": [{"at": "21.3.5", "status": "unaffected"}], "lessThanOrEqual": "21.3.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "CatFather (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Contest Gallery.<p>This issue affects Contest Gallery: from n/a through 21.3.4.</p>"}], "value": "Missing Authorization vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-09T13:08:35.221Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-4-arbitrary-file-deletion-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 21.3.5 or a higher version."}], "value": "Update to 21.3.5 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Contest Gallery plugin <= 21.3.4 - Arbitrary File Deletion vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32778", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-10T14:12:06.234543Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T14:12:09.319Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:contest-gallery:contest_gallery:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8893A281-7B94-4AD2-A87C-905949FD332C", "versionEndExcluding": "21.3.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4."}, {"lang": "es", "value": "Vulnerabilidad de falta de autorizaci\u00f3n en Contest Gallery. Este problema afecta a Contest Gallery: desde n/a hasta 21.3.4."}], "id": "CVE-2024-32778", "lastModified": "2025-04-03T00:38:31.813", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.7, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-09T13:15:50.080", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-4-arbitrary-file-deletion-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/contest-gallery/wordpress-contest-gallery-plugin-21-3-4-arbitrary-file-deletion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}