CVE-2023-5583
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Oct 30, 2023
Updated: Nov 13, 2023
Summary
CVE-2023-5583 is a vulnerability affecting the WP Simple Galleries plugin for WordPress. This issue allows authenticated attackers with contributor-level permissions and above to inject PHP Objects through deserialization of untrusted input in the 'wpsimplegallery_gallery' post meta. This vulnerability can be exploited via the 'wpsgallery' shortcode. No Pop chain is present in the vulnerable plugin; however, if such a chain is present via an additional plugin or theme, the attacker could delete arbitrary files, retrieve sensitive data, or execute code.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share