CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-28869 – WordPress NextGEN Gallery Voting plugin <= 2.7.6 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-28869
24 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound NextGEN Gallery Voting allows Reflected XSS. This issue affects NextGEN Gallery Voting: from n/a through 2.7.6. The NextGEN Gallery Voting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages... • https://patchstack.com/database/wordpress/plugin/nextgen-gallery-voting/vulnerability/wordpress-nextgen-gallery-voting-plugin-2-7-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25091 – WordPress NextGen Cooliris Gallery plugin <= 0.7 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-25091
03 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zackdesign NextGen Cooliris Gallery allows Stored XSS. This issue affects NextGen Cooliris Gallery: from n/a through 0.7. The NextGen Cooliris Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to... • https://patchstack.com/database/wordpress/plugin/nextgen-cooliris-gallery/vulnerability/wordpress-nextgen-cooliris-gallery-plugin-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39627 – WordPress Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin <= 3.59.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-39627
22 Jul 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS.This issue affects NextGEN Gallery: from n/a through 3.59.3. The NextGEN Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.59.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrar... • https://patchstack.com/database/vulnerability/nextgen-gallery/wordpress-photo-gallery-sliders-proofing-and-themes-nextgen-gallery-plugin-3-59-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •