CVE-2023-5583

Summary

CVE-2023-5583 is a vulnerability found in the WP Simple Galleries plugin for WordPress versions up to and including 1.34. The vulnerability allows authenticated attackers with contributor-level permissions and above to inject a PHP object through deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via the 'wpsgallery' shortcode. This vulnerability does not include a POP (Privilege of Persistence) chain within the plugin itself, but if a POP chain is present through an additional plugin or theme installed on the system, it can enable the attacker to delete files, retrieve sensitive data, or execute arbitrary code. The exploit has a base severity rating of HIGH and poses risks to confidentiality, integrity, and availability of the affected systems. It has an exploitability score of 2.8 and a base score of 8.8 according to CVSS:3.1 metrics. The source of this information is [email protected].

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.