Vulnerabilities > Imagely > Nextgen Gallery > 1.5.2

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-48328 Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.
network
low complexity
imagely CWE-352
8.8
2023-10-16 CVE-2023-3154 Unspecified vulnerability in Imagely Nextgen Gallery
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.
network
low complexity
imagely
7.5
2023-10-16 CVE-2023-3155 Files or Directories Accessible to External Parties vulnerability in Imagely Nextgen Gallery
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.
network
low complexity
imagely CWE-552
7.2
2023-10-16 CVE-2023-3279 Unspecified vulnerability in Imagely Nextgen Gallery
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks
network
low complexity
imagely
4.9
2023-03-01 CVE-2022-38468 Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.
network
low complexity
imagely CWE-352
4.3
2022-07-07 CVE-2015-1784 Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application.
network
low complexity
imagely CWE-434
6.5
2022-07-07 CVE-2015-1785 Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application.
network
imagely CWE-352
4.3
2021-02-09 CVE-2020-35943 Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload.
network
imagely CWE-352
4.3
2021-02-09 CVE-2020-35942 Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS.
network
imagely CWE-352
6.8
2020-02-11 CVE-2013-3684 Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload
network
low complexity
imagely CWE-434
critical
10.0