CVE-2023-3155

Severity
7.2 HIGH
EPSS
0.3%
top 43.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 16

Description

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 | Impact: 5.9

Affected Packages: 2 packages

Vulnerability Details (2)
GHSA
GHSA-4mq9-mp5g-r83q: The WordPress Gallery Plugin WordPress plugin before 3 (2023-10-16)
CVEList
NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and Delete (2023-10-16)