CVE-2024-13676: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in wamasoftware Categorized Gallery Plugin
CVE-2024-13676 is a medium severity SQL Injection vulnerability in the Categorized Gallery Plugin for WordPress, affecting all versions up to and including 2.0. It arises from improper neutralization of special elements in the 'field' attribute of the 'image_gallery' shortcode, allowing authenticated users with Contributor-level access or higher to inject malicious SQL code. This vulnerability enables attackers to append additional SQL queries to existing ones, potentially extracting sensitive database information. Exploitation does not require user interaction but does require authenticated access. No known exploits are currently reported in the wild. Organizations using this plugin should prioritize patching or mitigating this issue to prevent data leakage. The vulnerability impacts confidentiality but not integrity or availability. Countries with significant WordPress usage and large web hosting markets are most at risk.
AI Analysis
Technical Summary
CVE-2024-13676 is a SQL Injection vulnerability identified in the Categorized Gallery Plugin by wamasoftware for WordPress, affecting all versions up to and including 2.0. The root cause is insufficient escaping and lack of proper query preparation on the 'field' attribute of the 'image_gallery' shortcode. This flaw allows authenticated users with Contributor-level permissions or higher to inject arbitrary SQL commands by appending malicious queries to the existing SQL statement. The weakness is classified as improper neutralization of special elements in SQL commands (CWE-89). Successful exploitation can lead to unauthorized disclosure of sensitive data stored in the WordPress database, such as user credentials, personal information, or site configuration details. The CVSS v3.1 base score is 6.5, reflecting a medium severity with network attack vector, low attack complexity, and requiring privileges but no user interaction. Although no public exploits have been reported, the vulnerability poses a significant risk due to the common use of WordPress and the plugin in question. The attack scope is limited to sites where the plugin is installed and the attacker has at least Contributor-level access, which is a moderately privileged role. The vulnerability does not affect data integrity or availability but compromises confidentiality. The lack of patch links indicates that a fix may not yet be publicly available, emphasizing the need for mitigation.
Potential Impact
This vulnerability primarily threatens the confidentiality of data stored in WordPress databases using the Categorized Gallery Plugin. Attackers with Contributor-level access can extract sensitive information, potentially including user data, site configurations, and other private content. While the vulnerability does not allow modification or deletion of data (integrity) or disrupt service availability, the exposure of confidential data can lead to further attacks such as privilege escalation, identity theft, or targeted phishing. Organizations relying on WordPress sites with this plugin are at risk of data breaches, which can damage reputation, incur regulatory penalties, and cause financial losses. The requirement for authenticated access limits the attack surface but does not eliminate risk, especially in environments with many contributors or weak internal controls. The absence of known exploits reduces immediate urgency but does not preclude future exploitation. Overall, the impact is significant for organizations with sensitive data hosted on vulnerable WordPress installations.
Mitigation Recommendations
1. Immediately restrict Contributor-level and higher permissions to trusted users only, minimizing the number of accounts that can exploit this vulnerability.
2. Monitor and audit user activities on WordPress sites to detect unusual database queries or access patterns that may indicate exploitation attempts.
3. If possible, disable or remove the Categorized Gallery Plugin until a security patch is released.
4. Implement Web Application Firewall (WAF) rules to detect and block SQL Injection attempts targeting the 'field' parameter in the 'image_gallery' shortcode.
5. Encourage plugin developers or site administrators to apply prepared statements or parameterized queries in the plugin code to prevent SQL Injection.
6. Regularly update WordPress core, plugins, and themes to incorporate security fixes as they become available.
7. Conduct security assessments and penetration tests focusing on user input handling in WordPress plugins.
8. Backup databases frequently and securely to enable recovery in case of data compromise.
9. Educate contributors about the risks of elevated privileges and enforce strong authentication mechanisms.
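To make the flaw described in the technical summary and the fix recommended in item 5 concrete, here is an added PHP illustration against WordPress's $wpdb API; it is not the plugin's own code, and the table name, column names and the 'cat' attribute are assumptions, since the page does not show the plugin's query. A column name cannot be bound as a value with $wpdb->prepare(), so the hardened handler allowlists the 'field' attribute and binds only the value.

```php
<?php
// Hypothetical illustration, not the Categorized Gallery Plugin's code.
// Assumed table: {$wpdb->prefix}gallery_images with columns id, title, file, category.

// Vulnerable pattern: a shortcode attribute, which any Contributor can place in
// post content, is interpolated straight into the SQL string.
function cg_images_vulnerable( $atts ) {
    global $wpdb;
    $atts  = shortcode_atts( array( 'field' => 'id', 'cat' => 0 ), $atts, 'image_gallery' );
    $table = $wpdb->prefix . 'gallery_images';
    // Nothing stops 'field' from carrying quotes, comments or additional clauses,
    // so the attacker-controlled text becomes part of the statement (CWE-89).
    $sql = "SELECT {$atts['field']} FROM {$table} WHERE category = {$atts['cat']}";
    return $wpdb->get_results( $sql );
}

// Hardened pattern: identifiers are restricted to a fixed allowlist and values
// are bound through $wpdb->prepare() placeholders.
function cg_images_hardened( $atts ) {
    global $wpdb;
    $allowed_fields = array( 'id', 'title', 'file', 'category' ); // assumed column set
    $atts  = shortcode_atts( array( 'field' => 'id', 'cat' => 0 ), $atts, 'image_gallery' );
    // Reject anything that is not exactly one of the known columns; fall back to 'id'.
    $field = in_array( $atts['field'], $allowed_fields, true ) ? $atts['field'] : 'id';
    $table = $wpdb->prefix . 'gallery_images';
    // %d coerces the category to an integer; the allowlisted $field is safe to
    // interpolate because it can only be one of the literals above.
    $sql = $wpdb->prepare(
        "SELECT {$field} FROM {$table} WHERE category = %d",
        absint( $atts['cat'] )
    );
    return $wpdb->get_results( $sql );
}
```

On WordPress 6.2 and later $wpdb->prepare() also accepts the %i identifier placeholder, but an allowlist remains preferable because it also limits which columns a low-privileged author can read.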
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, India, Brazil, Japan
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-01-23T18:23:29.114Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6e67b7ef31ef0b5a009a
Added to database: 2/25/2026, 9:49:27 PM
Last enriched: 2/25/2026, 10:59:05 PM
Last updated: 2/26/2026, 9:08:47 AM