Vulnerabilities > Imagely

DATE CVE VULNERABILITY TITLE RISK
2024-08-01 CVE-2024-39627 Cross-site Scripting vulnerability in Imagely Nextgen Gallery
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS.This issue affects NextGEN Gallery: from n/a through 3.59.3.
network
low complexity
imagely CWE-79
4.8
2024-04-09 CVE-2024-3097 Missing Authorization vulnerability in Imagely Nextgen Gallery
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59.
network
low complexity
imagely CWE-862
5.3
2023-11-30 CVE-2023-48328 Unspecified vulnerability in Imagely Nextgen Gallery
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.
network
low complexity
imagely
8.8
2023-10-16 CVE-2023-3154 Unspecified vulnerability in Imagely Nextgen Gallery
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.
network
low complexity
imagely
7.5
2023-10-16 CVE-2023-3155 Files or Directories Accessible to External Parties vulnerability in Imagely Nextgen Gallery
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.
network
low complexity
imagely CWE-552
7.2
2023-10-16 CVE-2023-3279 Unspecified vulnerability in Imagely Nextgen Gallery
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks
network
low complexity
imagely
4.9
2023-03-01 CVE-2022-38468 Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.
network
low complexity
imagely CWE-352
4.3
2022-07-07 CVE-2015-1784 Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application.
network
low complexity
imagely CWE-434
8.8
2022-07-07 CVE-2015-1785 Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application.
network
low complexity
imagely CWE-352
6.5
2021-05-05 CVE-2021-24293 Unspecified vulnerability in Imagely Nextgen Gallery
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript.
network
low complexity
imagely
6.1