Skip to main content

Nextgen Gallery CVE-2023-3154

HIGH
2023-10-16 contact@wpscan.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 16, 2023 - 20:15 nvd
HIGH 7.5

DescriptionNVD

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the server.

AnalysisAI

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the server. Affected products include: Imagely Nextgen Gallery. Version information: before 3.39.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-3097 MEDIUM POC
5.3 Apr 09

The WordPress Gallery Plugin - NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to

CVE-2023-3155 HIGH POC
7.2 Oct 16

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack

CVE-2021-24293 MEDIUM POC
6.1 May 05

In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_i

CVE-2024-5442 MEDIUM POC
5.9 Jul 13

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its setting

CVE-2015-9228 HIGH
8.8 Sep 12

In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via

CVE-2019-14314 CRITICAL
9.8 Aug 27

A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Rated critical s

CVE-2026-9059 CRITICAL
9.3 May 20

Authenticated SQL injection in NextGEN Gallery (WordPress plugin by Awesome Motive/Imagely) before version 4.2.1 allows

CVE-2023-3279 MEDIUM POC
4.9 Oct 16

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to g

CVE-2015-9229 MEDIUM POC
4.8 Sep 12

In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for

CVE-2024-6393 MEDIUM POC
4.8 Nov 25

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images

CVE-2024-2744 MEDIUM POC
4.3 May 17

The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow

CVE-2024-10545 LOW POC
3.5 Feb 25

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image s

Share

CVE-2023-3154 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy