Vulnerabilities > Imagely > Nextgen Gallery > 2.0.66.27
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-09 | CVE-2020-35942 | Cross-site Scripting vulnerability in Imagely Nextgen Gallery: A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. | 8.8 |
2019-11-26 | CVE-2015-9538 | Path Traversal vulnerability in Imagely Nextgen Gallery: The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. | 6.5 |
2019-11-26 | CVE-2015-9537 | Cross-site Scripting vulnerability in Imagely Nextgen Gallery: The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, wmYpos, and template. | 5.4 |
2019-08-27 | CVE-2019-14314 | SQL Injection vulnerability in Imagely Nextgen Gallery: A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. | 9.8 |
2019-08-14 | CVE-2016-10889 | SQL Injection vulnerability in Imagely Nextgen Gallery: The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. | 9.8 |
2018-07-13 | CVE-2016-6565 | Improper Input Validation vulnerability in Imagely Nextgen Gallery: The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of an HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration). | 7.5 |
2018-04-30 | CVE-2018-1000172 | Cross-site Scripting vulnerability in Imagely Nextgen Gallery: Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. | 4.8 |
2018-03-01 | CVE-2018-7586 | Path Traversal vulnerability in Imagely Nextgen Gallery: In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. | 7.5 |
2017-09-12 | CVE-2015-9228 | Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery: In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | 8.8 |