Vulnerabilities > Imagely > Nextgen Gallery

DATE CVE VULNERABILITY TITLE RISK
2020-02-11 CVE-2013-3684 Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery
NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload
network
low complexity
imagely CWE-434
critical
10.0
2020-01-30 CVE-2013-0291 Information Exposure vulnerability in Imagely Nextgen Gallery 1.9.10/1.9.11
NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability
network
low complexity
imagely CWE-200
5.0
2019-11-26 CVE-2015-9538 Path Traversal vulnerability in Imagely Nextgen Gallery
The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.
network
low complexity
imagely CWE-22
4.0
2019-11-26 CVE-2015-9537 Cross-site Scripting vulnerability in Imagely Nextgen Gallery
The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template.
network
imagely CWE-79
3.5
2019-08-27 CVE-2019-14314 SQL Injection vulnerability in Imagely Nextgen Gallery
A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress.
network
low complexity
imagely CWE-89
7.5
2019-08-14 CVE-2016-10889 SQL Injection vulnerability in Imagely Nextgen Gallery
The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name.
network
low complexity
imagely CWE-89
7.5
2018-07-13 CVE-2016-6565 Improper Input Validation vulnerability in Imagely Nextgen Gallery
The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration).
network
imagely CWE-20
6.0
2018-04-30 CVE-2018-1000172 Cross-site Scripting vulnerability in Imagely Nextgen Gallery
Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text.
network
imagely CWE-79
3.5
2018-03-01 CVE-2018-7586 Path Traversal vulnerability in Imagely Nextgen Gallery
In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.
network
low complexity
imagely CWE-22
5.0
2017-09-12 CVE-2015-9229 Cross-site Scripting vulnerability in Imagely Nextgen Gallery 2.1.15
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
network
imagely CWE-79
3.5