Lucene search

Imagely Nextgen Gallery

6 matches found

CVE
added 2023/10/16 8:15 p.m., 72 views

CVE-2023-3279

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks

CVSS 4.9, AI score 4.9, EPSS 0.00533

CVE
added 2024/05/17 6:15 a.m., 61 views

CVE-2024-2744

The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CVSS 4.3, AI score 5.9, EPSS 0.00195

CVE
added 2023/03/01 2:15 p.m., 54 views

CVE-2022-38468

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin

CVSS 4.3, AI score 5, EPSS 0.00072

CVE
added 2024/11/25 6:15 a.m., 45 views

CVE-2024-6393

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example i...

CVSS 4.8, AI score 4.7, EPSS 0.00038

CVE
added 2017/09/12 10:29 p.m., 40 views

CVE-2015-9229

In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.

CVSS 4.8, AI score 4.7, EPSS 0.00215

CVE
added 2018/04/30 10:29 p.m., 31 views

CVE-2018-1000172

Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45.

CVSS 4.8, AI score 4.9, EPSS 0.0019