Meow Gallery
Monthly
Meow Gallery plugin for WordPress (all versions through 5.4.4) exposes an unprotected REST API endpoint that permits any authenticated user with Author-level access or above to overwrite or create arbitrary gallery shortcode records by supplying a user-controlled `id` parameter. The endpoint `/wp-json/meow-gallery/v1/save_shortcode` performs direct database write operations without verifying ownership of the referenced record, making this a classic CWE-639 (IDOR) pattern. No public exploit or CISA KEV listing has been identified at time of analysis; however, the low attack complexity and wide availability of Author-level accounts in multi-contributor WordPress environments elevate real-world risk above what the CVSS 4.3 score alone suggests.
Blind SQL injection in Meow Gallery up to version 5.4.4 allows high-privileged attackers to extract sensitive data from the application database through specially crafted SQL queries. An authenticated administrator with high privileges can exploit this vulnerability without user interaction to perform unauthorized database queries, potentially exposing confidential information. No patch is currently available for affected installations.
The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Meow Gallery plugin for WordPress (all versions through 5.4.4) exposes an unprotected REST API endpoint that permits any authenticated user with Author-level access or above to overwrite or create arbitrary gallery shortcode records by supplying a user-controlled `id` parameter. The endpoint `/wp-json/meow-gallery/v1/save_shortcode` performs direct database write operations without verifying ownership of the referenced record, making this a classic CWE-639 (IDOR) pattern. No public exploit or CISA KEV listing has been identified at time of analysis; however, the low attack complexity and wide availability of Author-level accounts in multi-contributor WordPress environments elevate real-world risk above what the CVSS 4.3 score alone suggests.
Blind SQL injection in Meow Gallery up to version 5.4.4 allows high-privileged attackers to extract sensitive data from the application database through specially crafted SQL queries. An authenticated administrator with high privileges can exploit this vulnerability without user interaction to perform unauthorized database queries, potentially exposing confidential information. No patch is currently available for affected installations.
The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.