Nextgen Gallery@* Security Vulnerabilities and Issues — Nextgen Gallery@* CVE List

Lucene search

ImagelyNextgen Gallery*

5 matches found

CVE•added 2023/10/16 8:15 p.m.•87 views

CVE-2023-3154

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the server.

7.5CVSS7.4AI score0.00292EPSS

CVE•added 2023/10/16 8:15 p.m.•72 views

CVE-2023-3279

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks

4.9CVSS4.9AI score0.00372EPSS

CVE•added 2023/10/16 8:15 p.m.•62 views

CVE-2023-3155

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the gallery_edit function, allowing an attacker to access arbitrary resources on the server.

7.2CVSS7AI score0.00218EPSS

CVE•added 2023/11/30 4:15 p.m.•55 views

CVE-2023-48328

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.

8.8CVSS6.4AI score0.00171EPSS

CVE•added 2023/03/01 2:15 p.m.•54 views

CVE-2022-38468

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin

4.3CVSS5AI score0.00056EPSS