CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35942 – WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-35942
17 Dec 2020 — A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) Un problema de tipo Cross-Site Request Forgery (CSRF) en el plugin de NextGEN Gallery versiones anteriores a 3.5.0 para WordPress, permite la carga de archivos y la inclusión de archivos locales por medio de la mod... • https://www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgen-gallery-affect-over-800000-wordpress-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 32%CPEs: 1EXPL: 1CVE-2019-14314 – NextGEN Gallery <= 3.2.10 - SQL Injection
https://notcve.org/view.php?id=CVE-2019-14314
27 Aug 2019 — A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php. Existe una vulnerabilidad de inyección SQL en el complemento Imagely NextGEN Gallery anterior a la versión 3.2.11 para WordPress. La explotación con éxito de esta vulnerabilidad permitiría a un a... • https://github.com/imthoe/CVE-2019-14314 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2018-7586 – WordPress Gallery Plugin – NextGEN Gallery <= 2.2.46 - Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2018-7586
01 Mar 2018 — In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. En el plugin nextgen-gallery en versiones anteriores a la 2.2.50 para WordPress, las rutas de galería no son seguras. • https://wordpress.org/plugins/nextgen-gallery/#developers • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000172 – NextGEN Gallery <= 2.2.44 - Cross-Site Scripting via image alt and title text
https://notcve.org/view.php?id=CVE-2018-1000172
14 Feb 2018 — Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45. Imagely NextGEN Gallery, en versiones 2.2.30 y anteriores, contiene una vulnerabilidad de Cross Site Scripting (XSS) en Image Alt Title Text. El ataque parece ser explotable si una víctima visualiza la imagen en la página de admi... • https://fortiguard.com/zeroday/FG-VD-17-215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10889 – NextGEN Gallery <= 2.1.56 - Authenticated Local File Inclusion & SQL injection
https://notcve.org/view.php?id=CVE-2016-10889
15 Nov 2016 — The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. El plugin nextgen-gallery versiones anteriores a 2.1.57 para WordPress, presenta una inyección SQL por medio de un nombre de galería. • https://wordpress.org/plugins/nextgen-gallery/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-6565 – The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file
https://notcve.org/view.php?id=CVE-2016-6565
15 Nov 2016 — The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration). El plugin Imagely NextGen Gallery para Wordpress en versiones anteriores a la 2.1.57 no valida correctamente las entradas de usuario en el parámetro cssfile de una petición H... • https://www.kb.cert.org/vuls/id/346175 • CWE-20: Improper Input Validation CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 3CVE-2015-9537 – NextGen Gallery <= 2.1.9 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9537
31 Aug 2015 — The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template. El plugin NextGEN Gallery versiones anteriores a 2.1.10 para WordPress, presenta múltiples problemas de tipo XSS que involucran a los parámetros thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos y wmYpos, y template. • https://cybersecurityworks.com/zerodays/cve-2015-9537-nextgen.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 5CVE-2015-9538 – NextGen Gallery <= 2.1.10 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2015-9538
28 Aug 2015 — The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. El plugin NextGEN Gallery versiones anteriores a 2.1.15 para WordPress, permite un Salto de Directorio de ../ en la selección de ruta. • https://cxsecurity.com/issue/WLB-2015080165 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1785 – WordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-1785
25 Mar 2015 — In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. En el plugin nextgen-galery de wordpress versiones anteriores a 2.0.77.3, se presentan dos vulnerabilidades que pueden permitir a un atacante conseguir acceso completo sobre la aplicación web. Las vulnerabilidades r... • https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress • CWE-352: Cross-Site Request Forgery (CSRF) CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1784 – WordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-1784
25 Mar 2015 — In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. En el plugin nextgen-galery de wordpress versiones anteriores a 2.0.77.3, se presentan dos vulnerabilidades que pueden permitir a un atacante conseguir acceso completo a la aplicación web. Las vulnerabilidades radic... • https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress • CWE-352: Cross-Site Request Forgery (CSRF) CWE-434: Unrestricted Upload of File with Dangerous Type •