Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextgen gallery vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2015-9229
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
Imagely Nextgen Gallery 2.1.15
NA
CVE-2014-3123
Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin prior to 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arb...
Wpgetready Nextcellent Gallery 1.9.16
Wpgetready Nextcellent Gallery 1.9.14
Wpgetready Nextcellent Gallery
Wpgetready Nextcellent Gallery 1.9.15
NA
CVE-2010-1186
Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin prior to 1.5.2 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the mode parameter.
Alex Rabe Nextgen Gallery 0.35
Alex Rabe Nextgen Gallery 0.34
Alex Rabe Nextgen Gallery 1.2.0
Alex Rabe Nextgen Gallery 1.2.1
Alex Rabe Nextgen Gallery 1.3.6
Alex Rabe Nextgen Gallery 1.4.0
Alex Rabe Nextgen Gallery 0.97
Alex Rabe Nextgen Gallery 1.4.3
Alex Rabe Nextgen Gallery 0.61
Alex Rabe Nextgen Gallery 0.41
Alex Rabe Nextgen Gallery 0.74
Alex Rabe Nextgen Gallery 0.62
Alex Rabe Nextgen Gallery 0.92
Alex Rabe Nextgen Gallery 0.94
Alex Rabe Nextgen Gallery 0.95
Alex Rabe Nextgen Gallery 1.5.0
Alex Rabe Nextgen Gallery
Alex Rabe Nextgen Gallery 1.3.0
Alex Rabe Nextgen Gallery 1.3.1
Alex Rabe Nextgen Gallery 1.4.1
Alex Rabe Nextgen Gallery 1.4.2
Alex Rabe Nextgen Gallery 0.99
1 EDB exploit
6.1
CVSSv3
CVE-2021-24293
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin prior to 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript.
NA
CVE-2024-2744
The NextGEN Gallery WordPress plugin prior to 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
NA
CVE-2008-7175
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and previous versions plugin for Wordpress allows remote malicious users to inject arbitrary web script or HTML via the picture description field in a page edit action.
Alex Rabe Nextgen Gallery 0.95
Alex Rabe Nextgen Gallery 0.94
Alex Rabe Nextgen Gallery 0.80
Alex Rabe Nextgen Gallery 0.74
Alex Rabe Nextgen Gallery 0.62
Alex Rabe Nextgen Gallery 0.61
Alex Rabe Nextgen Gallery 0.41
Alex Rabe Nextgen Gallery 0.40
Alex Rabe Nextgen Gallery 0.83
Alex Rabe Nextgen Gallery 0.82
Alex Rabe Nextgen Gallery 0.81
Alex Rabe Nextgen Gallery 0.64
Alex Rabe Nextgen Gallery 0.63
Alex Rabe Nextgen Gallery 0.43
Alex Rabe Nextgen Gallery 0.42
Alex Rabe Nextgen Gallery 0.34
Alex Rabe Nextgen Gallery 0.33
Alex Rabe Nextgen Gallery
Alex Rabe Nextgen Gallery 0.93
Alex Rabe Nextgen Gallery 0.92
Alex Rabe Nextgen Gallery 0.73
Alex Rabe Nextgen Gallery 0.72
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3