WordPress Plugin UnGallery Local File Disclosure (1.5.8)

Description
  • WordPress Plugin UnGallery is prone to a local file disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on computers running the vulnerable application; this may aid in further attacks. WordPress Plugin UnGallery version 1.5.8 is vulnerable; other versions may also be affected.
Remediation
  • Update to plugin version 1.5.9 or latest
References