CVE-2023-3279

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks

Published: Oct 16, 2023
Updated: Oct 20, 2023
CVE: CVE-2023-3279
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
imagely / nextgen_gallery	-	3.39

https://wpscan.com/vulnerability/3b7a7070-8d61-4ff8-b003-b4ff06221635

Vulnerability Database

289,871

CVE-2023-3279