3 matches found
CVE-2020-35943
A Cross-Site Request Forgery CSRF issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. It is possible to bypass CSRF protection by simply not including a nonce parameter...
CVE-2020-35943
A Cross-Site Request Forgery CSRF issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. It is possible to bypass CSRF protection by simply not including a nonce parameter...
CVE-2020-35943
CVE-2020-35943 affects the WordPress NextGEN Gallery plugin prior to version 3.5.0. A CSRF weakness in the plugin’s request handling (notably in security checks around nonce validation) could allow an attacker to upload arbitrary files via crafted requests, with potential for remote code executio...