CVE-2025-11176
The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfisetthumbnail and qfideletethumbnail AJAX actions due to missing validation on a user-controlled key. This makes it possible for authenticated...
PT-2023-13608 · Imagely · Imagely WordPress Gallery Plugin - NextGEN Gallery
Name of the Vulnerable Software and Affected Versions: Imagely WordPress Gallery Plugin - NextGEN Gallery versions prior to 3.29
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which can lead to thumbnail alteration.
Recommendations: For versions prior to 3.2...