CVE-2023-3279 Information

Description

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s allowing Admin users to perform LFI attacks

Reference

https://wpscan.com/vulnerability/3b7a7070-8d61-4ff8-b003-b4ff06221635