A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin prior to 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
imagely nextgen gallery |