27 matches found
CVE-2019-14314
The CVE-2019-14314 issue affects the Imagely NextGEN Gallery WordPress plugin prior to 3.2.11. The root cause is a SQL injection in modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php, allowing a remote attacker to execute arbitrary SQL commands and potentially compromise d...
CVE-2023-3154
The CVE-2023-3154 issue affects WordPress NextGEN Gallery Plugin (versions before 3.39). The connected sources describe a PHAR deserialization vulnerability in the gallery_edit function caused by insufficient input parameter validation, enabling an attacker to access arbitrary resources on the se...
CVE-2013-3684
The CVE-2013-3684 entry concerns the NextGEN Gallery WordPress plugin (pre-1.9.13) and a vulnerability in ngggallery.php that allows arbitrary file upload. Multiple connected sources confirm affected version (1.9.12 and earlier) and that unauthenticated uploads were possible, potentially enabling...
CVE-2024-3097
CVE-2024-3097 — NextGEN Gallery (WordPress)
CVE-2015-9228
CVE-2015-9228 affects WordPress Photocrati NextGEN Gallery plugin, version 2.1.10. The vulnerability allows unrestricted file upload via the name parameter when a file extension is changed from .jpg to .php, enabling potentially arbitrary PHP uploads. The NVD entry notes high-impact risk (Confide...
CVE-2023-3279
The CVE-2023-3279 issue affects the WordPress NextGEN Gallery Plugin (versions prior to 3.39). The root cause is the plugin not validating certain block attributes before using them to build paths for include/require calls, enabling an administrator to perform Local File Inclusion (LFI) attacks. ...
CVE-2013-0291
CVE-2013-0291 concerns the WordPress plugin NextGEN Gallery (versions 1.9.10 and 1.9.11). Multiple connected sources confirm a Path Disclosure vulnerability, i.e., exposure of sensitive server paths through the plugin. OpenVAS lists the affected scope as WordPress NextGEN Gallery Plugin 1.9.10
CVE-2023-3155
The CVE-2023-3155 entry refers to the WordPress NextGEN Gallery Plugin (versions before 3.39) with an Arbitrary File Read/Delete vulnerability caused by missing input parameter validation in the gallery_edit function. The vulnerability could allow an attacker to access arbitrary resources on the ...
CVE-2015-9538
The CVE-2015-9538 entry applies to the WordPress NextGEN Gallery plugin prior to version 2.1.15. The flaw is a directory traversal vulnerability in path selection ("../"), caused by insufficient filtering of path components, which could allow access to locations outside a restricted directory. Af...
CVE-2020-35942
The CVE concerns WordPress NextGEN Gallery plugin prior to version 3.5.0. A CSRF logic flaw in is_authorized_request (and related checks) could permit requests without a proper nonce, enabling actions via settings modification that allow file upload and local file inclusion, which could lead to r...
CVE-2015-9537
The CVE-2015-9537 entry concerns the WordPress NextGEN Gallery plugin prior to version 2.1.10, which contains multiple XSS vulnerabilities. The affected component is the NextGEN Gallery WordPress plugin; the root cause is insufficient sanitization/validation of user-supplied input in several fiel...
CVE-2024-2744
The CVE refers to NextGEN Gallery WordPress plugin prior to 3.59.1. It allows stored XSS because some settings aren’t sanitized/escaped, enabling high-privilege users (e.g., admins) to execute scripts after interaction. CVSSv3.1 base score 4.3 (Medium) with AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L. Re...
CVE-2016-10889
The CVE-2016-10889 vulnerability affects the WordPress NextGEN Gallery plugin prior to version 2.1.57. The issue is an SQL injection via a gallery name, as documented by Red Hat and NVD references. Impact is described as high in CVSS v3 (CRITICAL, with HIGH confidentiality, integrity, and availab...
CVE-2023-48328
CVE-2023-48328 affects Imagely WordPress Gallery Plugin – NextGEN Gallery (≤3.37). It is a Cross-Site Request Forgery (CSRF) vulnerability that could enable unauthorized actions. A fix is available in 3.39; upgrade to 3.39+ to mitigate. Other sources (OpenVAS/Patchstack) corroborate CSRF risk for...
CVE-2022-38468
CVE-2022-38468: A CSRF vulnerability in the Imagely WordPress Gallery Plugin – NextGEN Gallery (versions
CVE-2024-10545
CVE-2024-10545 affects the WordPress plugin NextGEN Gallery (before 3.59.9). The issue is insufficient sanitization/escaping of image settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (such as in multisite). Affected softw...
CVE-2016-6565
The CVE-2016-6565 issue affects the WordPress Imagely NextGEN Gallery plugin prior to version 2.1.57. The vulnerability arises from improper validation of the cssfile parameter in an HTTP POST request, which can allow an authenticated user to read arbitrary files on the server or, in some server ...
CVE-2024-6393
CVE-2024-6393 affects the WordPress plugin NextGEN Gallery (Photo Gallery, Sliders, Proofing and Themes). The issue is a lack of sanitization/escaping in the plugin’s Images settings, enabling stored XSS by high-privilege users (e.g., Administrators) even if unfiltered_html is disallowed. Affecte...
CVE-2021-24293
The CVE-2021-24293 entry concerns the NextGEN Gallery Pro WordPress plugin (before 3.1.11). The vulnerability occurs in the eCommerce module: an action invokes photocrati_ajax to call get_cart_items, after which settings[shipping_address][name] can be manipulated to inject malicious JavaScript. D...
CVE-2020-35943
CVE-2020-35943 affects the WordPress NextGEN Gallery plugin prior to version 3.5.0. A CSRF weakness in the plugin’s request handling (notably in security checks around nonce validation) could allow an attacker to upload arbitrary files via crafted requests, with potential for remote code executio...
CVE-2015-1784
The CVE-2015-1784 issue affects the WordPress NextGEN Gallery plugin prior to version 2.0.77.3. The vulnerability is due to improper handling/validation of user-uploaded files and insufficient protections against unauthorized HTTP requests, enabling an attacker to gain full access to the web appl...
CVE-2024-39627
CVE-2024-39627: A stored cross-site scripting (XSS) vulnerability exists in WordPress plugin NextGEN Gallery (affected versions:
CVE-2024-5442
Summary of CVE-2024-5442 (NextGEN Gallery): The WordPress plugin NextGEN Gallery (versions before 3.59.3) contains sanitization/escaping flaws in settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., administrators) even when unfiltered_html is disallowed (such as in mult...
CVE-2015-1785
CVE-2015-1785 concerns the NextGEN Gallery WordPress plugin, affected when using versions prior to 2.0.77.3. The issues are two vulnerabilities enabling full web application access: (1) cross-site request forgery (CSRF) and (2) arbitrary file upload due to inadequate validation of user-uploaded f...
CVE-2015-9229
CVE-2015-9229 affects the WordPress Photocrati NextGEN Gallery plugin (version 2.1.15) in the nggallery-manage-gallery page. The vulnerability is a cross-site scripting (XSS) issue exploitable by remote authenticated administrators via the images[1][alttext] parameter, as described in the CVE det...
CVE-2018-7586
CVE-2018-7586 affects the WordPress plugin NextGEN Gallery (versions before 2.2.50). The issue is described as gallery paths that are not secured, leading to exposure of gallery path information. According to connected sources, this vulnerability exists in the plugin prior to 2.2.50 and has a pot...
CVE-2018-1000172
Imagely NextGEN Gallery (WordPress plugin) ≤ 2.2.44 contains a Cross-Site Scripting (XSS) in Image Alt & Title Text. The issue could be triggered when a user views an image on an administrator page, with the root cause stemming from improper validation of user-submitted data in the alt/title attr...