CVE-2024-8032: 
WordPress vulnerability analysis and mitigation

The Smooth Gallery Replacement WordPress plugin through version 1.0 contains a security vulnerability identified as CVE-2024-8032, which was publicly disclosed on July 11, 2024. The vulnerability combines Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) issues, where the plugin lacks proper CSRF protection mechanisms and has insufficient input sanitization and output escaping (WPScan).

The vulnerability stems from missing CSRF checks combined with inadequate sanitization and escaping mechanisms in the plugin's functionality. This security flaw has been assigned a CVSS score of 6.1 (Medium) according to CISA-ADP assessment, with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified under CWE-79 (Cross-Site Scripting) (NVD, WPScan).

When exploited, this vulnerability allows attackers to execute a CSRF attack that can lead to stored XSS payloads being added to the system through an authenticated administrator account. This creates a persistent security risk as the malicious code remains stored on the website (WPScan).

Currently, there is no known fix available for this vulnerability. Users of the Smooth Gallery Replacement plugin should consider either removing the plugin or implementing additional security measures to protect admin accounts from CSRF attacks (WPScan).