Vulnerabilities > Imagely > Nextgen Gallery

DATE CVE VULNERABILITY TITLE RISK
2021-05-05 CVE-2021-24293 Cross-Site Scripting vulnerability in Imagely Nextgen Gallery
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, an action calls get_cart_items via photocrati_ajax, after which the settings[shipping_address][name] parameter can be used to inject malicious JavaScript.
network
imagely CWE-79
4.3
2021-02-09 CVE-2020-35943 Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload.
network
imagely CWE-352
4.3
2021-02-09 CVE-2020-35942 Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS.
network
imagely CWE-352
6.8
2020-02-11 CVE-2013-3684 Unrestricted Upload of File With Dangerous Type vulnerability in Imagely Nextgen Gallery
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload
network
low complexity
imagely CWE-434
critical
10.0
2020-01-30 CVE-2013-0291 Information Exposure vulnerability in Imagely Nextgen Gallery 1.9.10/1.9.11
NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability
network
low complexity
imagely CWE-200
5.0
2019-11-26 CVE-2015-9538 Path Traversal vulnerability in Imagely Nextgen Gallery
The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.
network
low complexity
imagely CWE-22
4.0
2019-11-26 CVE-2015-9537 Cross-Site Scripting vulnerability in Imagely Nextgen Gallery
The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template.
network
imagely CWE-79
3.5
2019-08-27 CVE-2019-14314 SQL Injection vulnerability in Imagely Nextgen Gallery
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress.
network
low complexity
imagely CWE-89
7.5
2019-08-14 CVE-2016-10889 SQL Injection vulnerability in Imagely Nextgen Gallery
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.
network
low complexity
imagely CWE-89
7.5
2018-07-13 CVE-2016-6565 Improper Input Validation vulnerability in Imagely Nextgen Gallery
The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of an HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration).
network
imagely CWE-20
6.0