Lucene search

K
cvelistWPScanCVELIST:CVE-2023-3154
HistoryOct 16, 2023 - 7:39 p.m.

CVE-2023-3154 NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization

2023-10-1619:39:06
WPScan
www.cve.org
wordpress
plugin
phar deserialization
vulnerability
server access

0.001 Low

EPSS

Percentile

36.4%

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the server.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WordPress Gallery Plugin",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.39"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

0.001 Low

EPSS

Percentile

36.4%

Related for CVELIST:CVE-2023-3154