CVE-2024-39627 – WordPress Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin <= 3.59.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-39627
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS.This issue affects NextGEN Gallery: from n/a through 3.59.3. The NextGEN Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.59.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. • https://patchstack.com/database/vulnerability/nextgen-gallery/wordpress-photo-gallery-sliders-proofing-and-themes-nextgen-gallery-plugin-3-59-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-2744 – Nextgen Gallery < 3.59.1 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-2744
The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed El complemento de WordPress NextGEN Gallery anterior a 3.59.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como el administrador, realizar ataques de Cross Site Scripting incluso cuando unfiltered_html no está permitido. The NextGEN Gallery – Create an Amazing Photo Gallery in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.59 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://wpscan.com/vulnerability/a5579c15-50ba-4618-95e4-04b2033d721f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-3097 – WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2024-3097
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin. El complemento WordPress Gallery Plugin – NextGEN Gallery para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función get_item en versiones hasta la 3.59 incluida. Esto hace posible que atacantes no autenticados extraigan datos confidenciales, incluidos EXIF y otros metadatos de cualquier imagen cargada a través del complemento. • https://github.com/Athos-Zago/CVE-2024-30973 https://plugins.trac.wordpress.org/browser/nextgen-gallery/trunk/src/REST/Admin/Block.php#L40 https://plugins.trac.wordpress.org/changeset/3063940/nextgen-gallery/trunk/src/REST/Admin/Block.php?old=3003333&old_path=nextgen-gallery%2Ftrunk%2Fsrc%2FREST%2FAdmin%2FBlock.php https://www.wordfence.com/threat-intel/vulnerabilities/id/75f87f99-9f0d-46c2-a6f1-3c1ea0176303?source=cve https://zpbrent.github.io/pocs/8-plugin-nextgen-gallery-InfoDis-20240327.mp4 • CWE-862: Missing Authorization •
CVE-2023-48328 – WordPress NextGEN Gallery Plugin <= 3.37 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48328
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Imagely WordPress Gallery Plugin – NextGEN Gallery permite Cross-Site Request Forgery. Este problema afecta a WordPress Gallery Plugin – NextGEN Gallery: desde n/a hasta 3.37. The NextGEN Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.37. This is due to missing or incorrect nonce validation on an unknown function. • https://patchstack.com/database/vulnerability/nextgen-gallery/wordpress-wordpress-gallery-plugin-nextgen-gallery-plugin-3-37-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-3154 – NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization
https://notcve.org/view.php?id=CVE-2023-3154
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. El complemento WordPress Gallery Plugin para WordPress anterior a 3.39 es vulnerable a PHAR Deserialization debido a la falta de validación de parámetros de entrada en la función `gallery_edit`, lo que permite a un atacante acceder a recursos arbitrarios en el servidor. The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 3.38 via deserialization of untrusted input in the gallery_edit function. This makes it possible for authenticated attackers, with administrative-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. • https://wpscan.com/vulnerability/ed099489-1db4-4b42-9f72-77de39c9e01e • CWE-502: Deserialization of Untrusted Data •