Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2025/05/23 3:50 a.m.19 views

CVE-2023-3279

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...

4.9CVSS6.6AI score0.00787EPSS
Exploits2References1
patchstack
patchstack
added 2023/10/17 12:0 a.m.16 views

WordPress NextGEN Gallery Plugin < 3.39 is vulnerable to Local File Inclusion

Software NextGEN Gallery Type Plugin Vulnerable versions 3.39 Fixed in 3.39 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2023-3279 Patch priority Low CVSS severity Low 6 Developer Claim ownership PSID 1c647829048b Credits Linwz from DEVCORE Required privilege Administrat...

4.9CVSS6.8AI score0.00787EPSS
Exploits2References3Affected Software1
nvd
nvd
added 2023/10/16 8:15 p.m.30 views

CVE-2023-3279

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...

4.9CVSS5AI score0.00787EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2023/10/16 7:39 p.m.7 views

CVE-2023-3279 NextGEN Gallery < 3.39 - Admin+ Local File Inclusion

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...

6.6AI score0.00787EPSS
Exploits2References1
cve
cve
added 2023/10/16 7:39 p.m.87 views

CVE-2023-3279

The CVE-2023-3279 issue affects the WordPress NextGEN Gallery Plugin (versions prior to 3.39). The root cause is the plugin not validating certain block attributes before using them to build paths for include/require calls, enabling an administrator to perform Local File Inclusion (LFI) attacks. ...

4.9CVSS4.9AI score0.00787EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2023/10/16 7:39 p.m.32 views

CVE-2023-3279 NextGEN Gallery < 3.39 - Admin+ Local File Inclusion

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks...

6AI score0.00787EPSS
Exploits2References1
Rows per page
Query Builder