WordPress plugin nextgen-galery cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2015-1784

In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests...

Code injection

In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests...

CVE-2015-1784

The CVE-2015-1784 issue affects the WordPress NextGEN Gallery plugin prior to version 2.0.77.3. The vulnerability is due to improper handling/validation of user-uploaded files and insufficient protections against unauthorized HTTP requests, enabling an attacker to gain full access to the web appl...

CVE-2015-1785

CVE-2015-1785 concerns the NextGEN Gallery WordPress plugin, affected when using versions prior to 2.0.77.3. The issues are two vulnerabilities enabling full web application access: (1) cross-site request forgery (CSRF) and (2) arbitrary file upload due to inadequate validation of user-uploaded f...