CVE-2023-3155
NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and DeleteThe WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.
We have discovered 31,100 live websites that are affected by CVE-2023-3155.
Affected Software
| Product |  NextGEN Gallery |
| Category | Photo Galleries |
| Vulnerable Domains | 31,100 live websites (42% of NextGEN Gallery install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 191 versions ( 89% of all versions) |
Common Weakness Enumeration
CWE-552 Files or Directories Accessible to External PartiesDetails
- Published - Oct 16, 2023
- Updated - Apr 23, 2025
Credits
- Linwz from DEVCORE (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-3155 United States | 6,014 websites |
 Germany | 4,684 websites |
 Russia | 2,217 websites |
 Italy | 2,188 websites |
 France | 1,729 websites |
 Poland | 1,455 websites |
 GB | 1,388 websites |
 Czech Republic | 1,374 websites |
 Netherlands | 943 websites |
 Spain | 538 websites |
Website Distribution by TLD
Number of websites using CVE-2023-3155| .com | 9,906 websites |
| .de | 3,099 websites |
| .ru | 1,857 websites |
| .it | 1,477 websites |
| .org | 1,270 websites |
| .cz | 1,212 websites |
| .pl | 1,123 websites |
| .co.uk | 899 websites |
| .nl | 809 websites |
| .net | 786 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-3155
Top websites that are affected by CVE-2023-3155. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.*******.org | United States | **,*** | |
| *********.org | Spain | **,*** | |
| *******.com |  Singapore | **,*** | |
| ************.com | United States | **,*** | |
| ****.fr | France | **,*** | |
| **********.com | United States | ***,*** | |
| ********.org | France | ***,*** | |
| ********.com | Russia | ***,*** | |
| ********.org | United States | ***,*** | |
| ***.**.**.uk | GB | ***,*** |
FAQ
CVE-2023-3155 is Files or Directories Accessible to External Parties in NextGEN Gallery
A total of 31,100 websites have been identified as vulnerable to CVE-2023-3155, based on global website indexing conducted by WebTechSurvey.
The NextGEN Gallery is affected by the CVE-2023-3155 vulnerability.
NextGEN Gallery versions up to 3.39 are vulnerable to CVE-2023-3155.
CVE-2023-3155 is resolved in version 3.39 of NextGEN Gallery.