CVE-2023-3279

Name of the Vulnerable Software and Affected Versions WordPress Gallery Plugin version prior to 3.39

Description The issue allows Admin users to perform Local File Inclusion (LFI) attacks due to the plugin's failure to validate certain block attributes before using them to generate paths passed to include functions.

Recommendations For versions prior to 3.39, update to version 3.39 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's block attributes to minimize the risk of exploitation.