CVE-2023-35780: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Andy Whalen's Galleria WordPress plugin affecting versions 1.0.3 and below. The vulnerability was reported on June 16, 2023, and was assigned CVE-2023-35780 (Patchstack).

The vulnerability stems from the plugin's failure to properly implement nonce verification for requests. This security oversight has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N according to NVD's assessment. Patchstack has assigned it a lower CVSS score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact is considered low to medium severity, though it could potentially lead to unauthorized actions being performed on behalf of authenticated users (WPScan).

Currently, there is no official fix available for this vulnerability. Users of the affected plugin should consider implementing additional security measures or switching to alternative solutions (WPScan).