Vulnerabilities > Imagely
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-09 | CVE-2020-35943 | Cross-Site Request Forgery (CSRF) vulnerability in Imagely Nextgen Gallery A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. | 6.5 |
| 2021-02-09 | CVE-2020-35942 | Cross-site Scripting vulnerability in Imagely Nextgen Gallery A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. | 8.8 |
| 2020-02-11 | CVE-2013-3684 | Unrestricted Upload of File with Dangerous Type vulnerability in Imagely Nextgen Gallery NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload | 9.8 |
| 2020-01-30 | CVE-2013-0291 | Information Exposure vulnerability in Imagely Nextgen Gallery 1.9.10/1.9.11 NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability | 7.5 |
| 2019-11-26 | CVE-2015-9538 | Path Traversal vulnerability in Imagely Nextgen Gallery The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. | 6.5 |
| 2019-11-26 | CVE-2015-9537 | Cross-site Scripting vulnerability in Imagely Nextgen Gallery The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template. | 5.4 |
| 2019-08-27 | CVE-2019-14314 | SQL Injection vulnerability in Imagely Nextgen Gallery A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. | 9.8 |
| 2019-08-14 | CVE-2016-10889 | SQL Injection vulnerability in Imagely Nextgen Gallery The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. | 9.8 |
| 2018-07-13 | CVE-2016-6565 | Improper Input Validation vulnerability in Imagely Nextgen Gallery The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration). | 7.5 |
| 2018-04-30 | CVE-2018-1000172 | Cross-site Scripting vulnerability in Imagely Nextgen Gallery Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. | 4.8 |