The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit
function, allowing an attacker to access arbitrary resources on the server.
CPE | Name | Operator | Version |
---|---|---|---|
nextgen_gallery | lt | 3.39 |