16 matches found
CVE-2026-1463
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access...
EUVD-2015-1911
Malware in sbrugna...
EUVD-2018-19307
Malware in sbrugna...
EUVD-2025-25004
Malicious code in bioql PyPI...
CVE-2015-1785
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests...
CVE-2015-1784
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests...
WordPress NextGEN Gallery plugin <= 3.59.4 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin NextGEN Gallery versions <= 3.59.4...
CVE-2024-3097
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getitem function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data includi...
CVE-2022-38468
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin = 3.28 leading to thumbnail alteration...
CVE-2022-38468
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin = 3.28 leading to thumbnail alteration...
WordPress plugin nextgen-galery cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2019-14314
The CVE-2019-14314 issue affects the Imagely NextGEN Gallery WordPress plugin prior to 3.2.11. The root cause is a SQL injection in modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php, allowing a remote attacker to execute arbitrary SQL commands and potentially compromise d...
CVE-2016-10889
The CVE-2016-10889 vulnerability affects the WordPress NextGEN Gallery plugin prior to version 2.1.57. The issue is an SQL injection via a gallery name, as documented by Red Hat and NVD references. Impact is described as high in CVSS v3 (CRITICAL, with HIGH confidentiality, integrity, and availab...
Information disclosure
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images1alttext parameter...
WordPress NextGEN Gallery Plugin <= 1.9.5 - Stored XSS
This plugin is prone to a cross-site scripting vulnerability via the gallerypath parameter. Solution: Update the plugin...
CVE-2010-1186
The CVE-2010-1186 entry documents a Cross-Site Scripting (XSS) vulnerability in the NextGEN Gallery WordPress plugin. Affected component: xml/media-rss.php; vulnerable until version 1.5.2 where the mode parameter is reflected without proper escaping, enabling remote attackers to inject arbitrary ...