CVE-2023-5583

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 30, 2023
Updated: Nov 13, 2023

Summary

CVE-2023-5583 is a PHP Object Injection vulnerability in the WP Simple Galleries plugin for WordPress. Authenticated attackers with contributor-level permissions and above can inject PHP objects through deserialization of untrusted input in the 'wpsimplegallery_gallery' post meta, and the vulnerability can be exploited via the 'wpsgallery' shortcode. No POP chain is present in the vulnerable plugin; however, if such a chain is present via an additional plugin or theme, the attacker could delete arbitrary files, retrieve sensitive data, or execute code.
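To check whether stored 'wpsimplegallery_gallery' values already contain serialized objects, the following added example (not code from the plugin or from this advisory) tokenizes PHP-serialized meta values and reports any class names they would instantiate. It assumes the values have been exported as raw bytes from the default `wp_postmeta` table; the function names, the class name `Example_Gadget` and the sample rows are constructed for illustration.

```python
import re

# Added example; function names and the sample rows are constructed for illustration.
_TOKEN = re.compile(rb'N;|[bidrR]:[-+.\w]+;|a:\d+:\{|\}|([sO]):(\d+):"')
_TAIL = {b"s": re.compile(rb'";'), b"O": re.compile(rb'":\d+:\{')}


def serialized_classes(raw: bytes) -> list[str]:
    """Return the class names of object tokens in a PHP serialize() payload."""
    found, pos = [], 0
    while pos < len(raw):
        m = _TOKEN.match(raw, pos)
        if m is None:  # includes token types this sketch does not model
            raise ValueError(f"bad token at byte {pos}")
        pos = m.end()
        kind = m.group(1)
        if kind:  # a length-prefixed string body or class name follows
            size = int(m.group(2))
            # Skip by declared byte length so object-like text inside a string is ignored.
            body, pos = raw[pos:pos + size], pos + size
            tail = _TAIL[kind].match(raw, pos)
            if tail is None:
                raise ValueError(f"bad length at byte {pos}")
            pos = tail.end()
            if kind == b"O":
                found.append(body.decode("utf-8", "replace"))
    return found


def audit(rows):
    """Map post_id -> finding for (post_id, raw_meta_bytes) rows worth a look."""
    report = {}
    for post_id, raw in rows:
        try:
            classes = serialized_classes(raw)
        except ValueError as exc:
            report[post_id] = f"unparseable ({exc})"  # queue for manual review
        else:
            if classes:
                report[post_id] = "objects: " + ", ".join(classes)
    return report


ROWS = [  # constructed samples
    (101, b'a:2:{i:0;i:12;i:1;i:34;}'),
    (102, b'a:1:{i:0;s:26:"O:14:"Example_Gadget":0:{}";}'),
    (103, b'a:1:{i:0;O:14:"Example_Gadget":0:{}}'),
    (104, b'a:1:{i:0;i:12'),
]
```

Calling `audit(ROWS)` flags row 103 for its object token and row 104 as unparseable, while row 102, whose string merely contains object-like text, is not reported.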
