Vulnerabilities > Imagely > Nextgen Gallery > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-30 | CVE-2023-48328 | Unspecified vulnerability in Imagely Nextgen Gallery. Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37. | 8.8 |
2023-10-16 | CVE-2023-3154 | Unspecified vulnerability in Imagely Nextgen Gallery. The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. | 7.5 |
2023-10-16 | CVE-2023-3155 | Files or Directories Accessible to External Parties vulnerability in Imagely Nextgen Gallery. The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. | 7.2 |
2022-07-07 | CVE-2015-1784 | Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery. In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. | 8.8 |
2021-02-09 | CVE-2020-35942 | Cross-site Scripting vulnerability in Imagely Nextgen Gallery. A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. | 8.8 |
2020-01-30 | CVE-2013-0291 | Information Exposure vulnerability in Imagely Nextgen Gallery 1.9.10/1.9.11. NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability. | 7.5 |
2018-07-13 | CVE-2016-6565 | Improper Input Validation vulnerability in Imagely Nextgen Gallery. The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of an HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration). | 7.5 |
2018-03-01 | CVE-2018-7586 | Path Traversal vulnerability in Imagely Nextgen Gallery. In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. | 7.5 |
2017-09-12 | CVE-2015-9228 | Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery. In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | 8.8 |