CVE-2023-3154

Name of the Vulnerable Software and Affected Versions WordPress Gallery Plugin versions prior to 3.39

Description The issue is related to PHAR Deserialization due to a lack of input parameter validation in the gallery edit function. This allows an attacker to access arbitrary resources on the server.

Recommendations For versions prior to 3.39, update to version 3.39 or later to resolve the issue. As a temporary workaround, consider disabling the gallery edit function until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation.