cleantalk
Vulnerabilities and Security Researches

WordPress Gallery Plugin – NextGEN Gallery, CVE-2023-3155

CVE, Research URL

CVE-2023-3155

Home page URL

Security reports for WordPress Gallery Plugin – NextGEN Gallery

Application

WordPress Gallery Plugin – NextGEN Gallery

Published on
Oct 17, 2023
Research Description
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.
Affected versions
max 3.39.
Status
vulnerable
Previous vulnerability researches
NextGEN Gallery Search (CVE-2025-53224) , Aug 30, 2025
Geo2 Maps Add-on for NextGEN Gallery (4624f982-a331-414c-88c3-12761807ec95) , Jun 07, 2024
NextGEN Gallery Voting (CVE-2025-28869) , Mar 26, 2025
NextGEN Gallery Voting (488bd710de9089b64a6d30cba806517c0fb9fdf5) , Jun 07, 2024
WordPress Gallery Plugin – NextGEN Gallery (CVE-2024-5020) , Dec 06, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025