CVSS: 10.0EPSS: 40%CPEs: 1EXPL: 2CVE-2013-3684 – WordPress Gallery Plugin – NextGEN Gallery <= 1.9.12 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-3684
13 Jun 2013 — NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload El plugin NextGEN Gallery versiones anteriores a 1.9.13 para WordPress: carga del archivo ngggallery.php. The NextGEN Gallery WordPress plugin version 1.9.12 suffers from a remote shell upload vulnerability. • https://packetstorm.news/files/id/122021 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 57EXPL: 4CVE-2010-1186 – WordPress Gallery Plugin – NextGEN Gallery <= 1.5.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-1186
06 Apr 2010 — Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en xml/media-rss.php del complemento NextGEN Gallery anterior a v1.5.2 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "mode". • https://www.exploit-db.com/exploits/12098 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •