CVE-2024-3268

The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it possible for unauthenticated attackers to create arbitrary posts or pages.

CVSS

No CVSS.

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/3088363/youtube-showcase	Patch
https://plugins.trac.wordpress.org/changeset/3088363/youtube-showcase	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9d5382-d37d-4a40-8f22-e32b8ee98859?source=cve	Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9d5382-d37d-4a40-8f22-e32b8ee98859?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:emarketdesign:youtube_video_gallery:*:*:*:*:*:wordpress:*:*

History

07 Feb 2025, 19:09

Type	Values Removed	Values Added
CWE		CWE-862
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : unknown v3 : unknown
First Time		Emarketdesign youtube Video Gallery Emarketdesign
CPE		cpe:2.3:a:emarketdesign:youtube_video_gallery::::::wordpress::*
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9d5382-d37d-4a40-8f22-e32b8ee98859?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9d5382-d37d-4a40-8f22-e32b8ee98859?source=cve - Third Party Advisory
References	~~() https://plugins.trac.wordpress.org/changeset/3088363/youtube-showcase -~~	() https://plugins.trac.wordpress.org/changeset/3088363/youtube-showcase - Patch

21 May 2024, 12:37

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-21 12:15

Updated : 2025-02-07 19:09

NVD link : CVE-2024-3268

Mitre link : CVE-2024-3268

JSON object : View

Products Affected

emarketdesign

youtube_video_gallery

CWE

CWE-862

Missing Authorization

JSON object

Attach tags to CVE-2024-3268

Attach tags to `CVE-2024-3268`