CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3279 – NextGEN Gallery < 3.39 - Admin+ Local File Inclusion
https://notcve.org/view.php?id=CVE-2023-3279
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks El complemento WordPress Gallery Plugin para WordPress anterior a 3.39 no valida algunos atributos de bloque antes de usarlos para generar rutas pasadas para incluir funciones, lo que permite a los usuarios administradores realizar ataques LFI The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.38 via the 'Select View' field in the plugin's developer tools. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://wpscan.com/vulnerability/3b7a7070-8d61-4ff8-b003-b4ff06221635 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3154 – NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization
https://notcve.org/view.php?id=CVE-2023-3154
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. El complemento WordPress Gallery Plugin para WordPress anterior a 3.39 es vulnerable a PHAR Deserialization debido a la falta de validación de parámetros de entrada en la función `gallery_edit`, lo que permite a un atacante acceder a recursos arbitrarios en el servidor. The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 3.38 via deserialization of untrusted input in the gallery_edit function. This makes it possible for authenticated attackers, with administrative-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. • https://wpscan.com/vulnerability/ed099489-1db4-4b42-9f72-77de39c9e01e • CWE-502: Deserialization of Untrusted Data •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38468 – WordPress NextGEN Gallery Plugin <= 3.28 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-38468
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration. The NextGEN Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.28. This is due to missing or incorrect nonce validation on the 'ajax_set_post_thumbnail' and 'createNewThumb' functions. This makes it possible for unauthenticated attackers to create and set thumbnails on posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/nextgen-gallery/wordpress-wordpress-gallery-plugin-nextgen-gallery-plugin-3-28-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24293 – NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24293
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript. En el módulo eCommerce del plugin NextGEN Gallery Pro WordPress versiones anteriores a 3.1.11, se presenta una acción para llamar a get_cart_items por medio de photocrati_ajax, después de eso, la settings[shipping_address][name] es capaz de inyectar javascript malicioso • https://wpscan.com/vulnerability/5e1a4725-3d20-44b0-8a35-bbf4263957f7 https://www.imagely.com/wordpress-gallery-plugin/nextgen-pro/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35943 – WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2020-35943
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) Un problema de tipo Cross-Site Request Forgery (CSRF) en el plugin de NextGEN Gallery versiones anteriores a 3.5.0 para WordPress, permite la carga de archivos. (Es posible omitir la protección CSRF simplemente sin incluir un parámetro nonce) • https://www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgen-gallery-affect-over-800000-wordpress-sites • CWE-352: Cross-Site Request Forgery (CSRF) •