{"id":"CVE-2024-10535","details":"The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails in the video-wc-gallery-thumb directory.","modified":"2026-04-12T10:20:32.087161Z","published":"2024-11-06T07:15:03.880Z","references":[{"type":"WEB","url":"https://plugins.trac.wordpress.org/browser/video-wc-gallery/trunk/admin/admin-ui-setup.php#L545"},{"type":"ADVISORY","url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/50259040-a984-42a8-8d58-cc94e349ca45?source=cve"},{"type":"FIX","url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3182174%40video-wc-gallery&new=3182174%40video-wc-gallery&sfp_email=&sfph_mail="}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/martinvalchevv/video-wc-gallery","events":[{"introduced":"0"},{"fixed":"b0d4f7a0ff980147fa99830c0c7a2debd1daa9ff"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.32"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:martinvalchev:video_gallery_for_woocommerce:*:*:*:*:*:wordpress:*:*"}}],"versions":["v1.0","v1.1","v1.10","v1.11","v1.12","v1.13","v1.14","v1.15","v1.16","v1.17","v1.18","v1.19","v1.2","v1.20","v1.21","v1.22","v1.23","v1.24","v1.25","v1.26","v1.27","v1.28","v1.29","v1.3","v1.30","v1.31","v1.4","v1.5","v1.6","v1.7","v1.8","v1.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10535.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}