CVE-2023-3155
NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and DeleteThe WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.
We have discovered 45,762 live websites that are affected by CVE-2023-3155.
Affected Software
| Product |  NextGEN Gallery |
| Category | Photo Galleries |
| Vulnerable Domains | 45,762 live websites (50.72% of NextGEN Gallery install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 262 versions ( 74.22% of all versions) |
Common Weakness Enumeration
CWE-552 Files or Directories Accessible to External PartiesDetails
- Published - Oct 16, 2023
- Updated - Aug 2, 2024
Credits
- Linwz from DEVCORE (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2023-3155 usage by Country
 United States | 10,300 websites |
 Germany | 7,319 websites |
 Russia | 3,227 websites |
 France | 2,836 websites |
 Poland | 2,327 websites |
 GB | 1,877 websites |
 Italy | 1,535 websites |
 Netherlands | 1,394 websites |
 Czech Republic | 1,365 websites |
 Hungary | 752 websites |
CVE-2023-3155 usage by TLD
| .com | 15,046 websites |
| .de | 4,525 websites |
| .ru | 2,799 websites |
| .pl | 1,882 websites |
| .org | 1,854 websites |
| .co.uk | 1,331 websites |
| .cz | 1,213 websites |
| .nl | 1,210 websites |
| .it | 1,197 websites |
| .net | 1,173 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-3155
Top websites that are affected by CVE-2023-3155. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **************.se |  Sweden | **,*** | |
| ************.com | Italy | **,*** | |
| *****.*******.org | United States | **,*** | |
| **********.cu |  Cuba | **,*** | |
| *********.org |  Spain | **,*** | |
| *******.com |  Singapore | **,*** | |
| ************.com | United States | **,*** | |
| ****.fr | France | **,*** | |
| **********.com | United States | ***,*** | |
| ********.org | France | ***,*** |
FAQ
CVE-2023-3155 is Files or Directories Accessible to External Parties in NextGEN Gallery
A total of 45,762 websites have been identified as vulnerable to CVE-2023-3155, discovered through global website indexing conducted by WebTechSurvey.
NextGEN Gallery is susceptible to CVE-2023-3155 vulnerability.
NextGEN Gallery versions before 3.39 are vulnerable to CVE-2023-3155.
Version 3.39 of NextGEN Gallery addresses the CVE-2023-3155 security vulnerability.