CVE-2023-3155

Name of the Vulnerable Software and Affected Versions WordPress Gallery Plugin versions prior to 3.39

Description The issue is related to a lack of input parameter validation in the gallery edit function, allowing an attacker to access arbitrary resources on the server. This can lead to Arbitrary File Read and Delete.

Recommendations For versions prior to 3.39, update to version 3.39 or later to resolve the issue. As a temporary workaround, consider disabling the gallery edit function until a patch is available. Restrict access to sensitive resources on the server to minimize the risk of exploitation.