Lucene search
K

564 matches found

Cvelist
Cvelist
added 2026/05/20 5:31 a.m.47 views

CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

4.3CVSS0.00264EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.25 views

WordPress plugin NextGEN Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42122

NextGEN Gallery version prior to 4.2.1 are vulnerable to authenticated SQL injection via the 'orderby' parameter on the REST API endpoints '/imagely/v1/galleries' and '/imagely/v1/albums'. The root cause is an insufficient sanitization function ' clean column' in the data mapper layer that uses a...

9.3CVSS6AI score0.00287EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.18 views

WordPress plugin NextGEN Gallery SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

9.3CVSS5.9AI score0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.10 views

PT-2026-42112

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

4.3CVSS5.7AI score0.00264EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/05/19 5:1 p.m.11 views

WordPress Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Image Deletion vulnerability discovered by Bao Luu Gia Nguyen in WordPress Plugin NextGEN Gallery versions = 4.2.0...

4.3CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.7 views

CVE-2026-1463

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS6.5AI score0.00452EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/24 6:56 p.m.4 views

CVE-2026-33511 pyload-ng: Authentication Bypass via Host Header Injection in ClickNLoad

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...

8.8CVSS6AI score0.00422EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/03/19 10:3 p.m.10 views

WordPress Photo Gallery, Sliders, Proofing and Themes - NextGEN Gallery plugin <= 4.0.4 - Authenticated (Author+) Local File Inclusion vulnerability

WordPress Photo Gallery, Sliders, Proofing and Themes - NextGEN Gallery plugin = 4.0.4 - Authenticated Author+ Local File Inclusion vulnerability discovered by WordFence in WordPress Plugin NextGEN Gallery versions = 4.0.4...

8.8CVSS5.8AI score0.00452EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/18 6:31 p.m.8 views

EUVD-2026-12851

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS6.3AI score0.00452EPSS
Exploits0References5
NVD
NVD
added 2026/03/18 5:16 p.m.6 views

CVE-2026-1463

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS0.00452EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/18 4:26 p.m.2 views

CVE-2026-1463 Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS6.3AI score0.00452EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/18 4:26 p.m.3 views

CVE-2026-1463

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS6.3AI score0.00452EPSS
Exploits0References5
CVE
CVE
added 2026/03/18 4:26 p.m.17 views

CVE-2026-1463

CVE-2026-1463 affects the WordPress plugin “NextGEN Gallery” (Photo Gallery, Sliders, Proofing and Themes). Description: Local File Inclusion via the template parameter in gallery shortcodes is possible in all versions up to 4.0.3. Exploitation requires authenticated access at Author level or hig...

8.8CVSS6.3AI score0.00452EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/18 4:26 p.m.22 views

CVE-2026-1463 Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS0.00452EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.7 views

WordPress plugin NextGEN Gallery 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS6AI score0.00452EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.11 views

PT-2026-26087

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...

8.8CVSS6.5AI score0.00452EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2026/02/25 3:21 a.m.141 views

Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect

No d...

9.8CVSS5.4AI score0.82708EPSS
Exploits21
GithubExploit
GithubExploit
added 2026/02/24 9:8 p.m.163 views

Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect

CVE-2023-43208: Unauthenticated Remote Code Execution RCE in...

9.8CVSS6.8AI score0.97106EPSS
Exploits22
RedhatCVE
RedhatCVE
added 2026/01/09 12:15 p.m.7 views

CVE-2018-1000172

Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting XSS vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45...

4.8CVSS6AI score0.00584EPSS
Exploits0References1
Rows per page
Query Builder