CVE-2015-1784 – WordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2015-1784

25 Mar 2015 — In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. En el plugin nextgen-galery de wordpress versiones anteriores a 2.0.77.3, se presentan dos vulnerabilidades que pueden permitir a un atacante conseguir acceso completo a la aplicación web. Las vulnerabilidades radic... • https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress • CWE-352: Cross-Site Request Forgery (CSRF) CWE-434: Unrestricted Upload of File with Dangerous Type •