2 matches found
CVE-2025-7641 Assistant for NextGEN Gallery <= 1.0.9 - Unauthenticated Arbitrary Directory Deletion
The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated...
PT-2025-33459 · Unknown +1 · Nextgen Gallery +1
Name of the Vulnerable Software and Affected Versions: Assistant for NextGEN Gallery plugin for WordPress versions up to and including 1.0.9 Description: The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation i...