Local File Inclusion Vulnerability in Image Gallery Box by CRUDLab
CVE-2025-23938

7.5HIGH

Key Information:

Vendor: WordPress
Status: Image Gallery Box By Crudlab
Vendor: CVE Published:; 22 January 2025

What is CVE-2025-23938?

The vulnerability in the Image Gallery Box by CRUDLab stems from an improper control of filenames used in the include/require statements within PHP scripts. This weakness allows unauthorized access to local files on the server, potentially leading to exposure of sensitive data or further exploitation. The affected versions are from n/a through 1.0.3, making it crucial for users to apply necessary security patches to mitigate risks.

Affected Version(s)

Image Gallery Box by CRUDLab <= 1.0.3

References

https://patchstack.com/database/wordpress/plugin/image-ga...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 22, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

LVT-tholv2k (Patchstack Alliance)

WordPress

What is CVE-2025-23938?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit