CVE-2015-9538 – NextGen Gallery <= 2.1.10 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2015-9538
The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.
• https://cxsecurity.com/issue/WLB-2015080165
• https://cybersecurityworks.com/zerodays/cve-2015-9538-nextgen.html
• https://github.com/cybersecurityworks/Disclosed/issues/2
• https://packetstormsecurity.com/files/135114/WordPress-NextGEN-Gallery-2.1.15-Cross-Site-Scripting-Path-Traversal.html
• https://wordpress.org/plugins/nextgen-gallery/#developers
• https://www.openwall.com/lists/oss-security/2015/08/28/4
• https://www.openwall.com/lists/oss-security/2015/09/01/7
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2015-1785 – WordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2015-1785
In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests.
• https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress
• https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4
• CWE-352: Cross-Site Request Forgery (CSRF)
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2015-1784 – WordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-1784
In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests.
• https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress
• https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4
• CWE-352: Cross-Site Request Forgery (CSRF)
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2013-3684 – WordPress Gallery Plugin – NextGEN Gallery <= 1.9.12 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2013-3684
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload. The NextGEN Gallery WordPress plugin version 1.9.12 suffers from a remote shell upload vulnerability.
• https://www.exploit-db.com/exploits/38585
• https://exchange.xforce.ibmcloud.com/vulnerabilities/85011
• https://exchange.xforce.ibmcloud.com/vulnerabilities/85012
• CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2013-0291 – WordPress Gallery Plugin – NextGEN Gallery 1.9.10 - 1.9.11 - Full Path Disclosure
https://notcve.org/view.php?id=CVE-2013-0291
NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability.
• https://www.exploit-db.com/exploits/38314
• http://www.openwall.com/lists/oss-security/2013/02/15/3
• http://www.securityfocus.com/bid/57957
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor