CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1784 – WordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-1784
25 Mar 2015 — In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. En el plugin nextgen-galery de wordpress versiones anteriores a 2.0.77.3, se presentan dos vulnerabilidades que pueden permitir a un atacante conseguir acceso completo a la aplicación web. Las vulnerabilidades radic... • https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress • CWE-352: Cross-Site Request Forgery (CSRF) CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 40%CPEs: 1EXPL: 2CVE-2013-3684 – WordPress Gallery Plugin – NextGEN Gallery <= 1.9.12 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-3684
13 Jun 2013 — NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload El plugin NextGEN Gallery versiones anteriores a 1.9.13 para WordPress: carga del archivo ngggallery.php. The NextGEN Gallery WordPress plugin version 1.9.12 suffers from a remote shell upload vulnerability. • https://packetstorm.news/files/id/122021 • CWE-434: Unrestricted Upload of File with Dangerous Type •