Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextgen gallery vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-35942
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin prior to 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including ...
Imagely Nextgen Gallery
4.3
CVSSv2
CVE-2020-35943
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin prior to 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)
Imagely Nextgen Gallery
7.5
CVSSv2
CVE-2019-14314
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin prior to 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote malicious user to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display...
Imagely Nextgen Gallery
1 Github repository
3.5
CVSSv2
CVE-2015-9229
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
Imagely Nextgen Gallery 2.1.15
2.1
CVSSv2
CVE-2014-3123
Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin prior to 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arb...
Wpgetready Nextcellent Gallery 1.9.15
Wpgetready Nextcellent Gallery 1.9.14
Wpgetready Nextcellent Gallery
Wpgetready Nextcellent Gallery 1.9.16
NA
CVE-2024-2744
The NextGEN Gallery WordPress plugin prior to 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3