
CVE-2015-1785 – WordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-1785
25 Mar 2015 — In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests. • https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress • CWE-352: Cross-Site Request Forgery (CSRF) CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2015-1784 – WordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-1784
25 Mar 2015 — In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests. • https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress • CWE-352: Cross-Site Request Forgery (CSRF) CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2013-3684 – WordPress Gallery Plugin – NextGEN Gallery <= 1.9.12 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-3684
13 Jun 2013 — NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload. The NextGEN Gallery WordPress plugin version 1.9.12 suffers from a remote shell upload vulnerability. • https://packetstorm.news/files/id/122021 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2013-0291 – WordPress Gallery Plugin – NextGEN Gallery 1.9.10 - 1.9.11 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2013-0291
14 Feb 2013 — NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability. • https://www.exploit-db.com/exploits/38314 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2010-1186 – WordPress Gallery Plugin – NextGEN Gallery <= 1.5.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-1186
06 Apr 2010 — Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter. • https://www.exploit-db.com/exploits/12098 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2008-7175 – NextGEN Gallery Plugin <= 1.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-7175
07 Jun 2008 — Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action. • http://osvdb.org/51428 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •