Note: This project will be discontinued after December 13, 2021.

Product: Nextgen_gallery (Imagely)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 23 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-11-26 | CVE-2015-9537 | The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template. | Nextgen_gallery | 5.4 | ||
2017-09-12 | CVE-2015-9229 | In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. | Nextgen_gallery | 4.8 | ||
2017-09-12 | CVE-2015-9228 | In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | Nextgen_gallery | 8.8 | ||
2018-03-01 | CVE-2018-7586 | In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. | Nextgen_gallery | 7.5 | ||
2020-02-11 | CVE-2013-3684 | NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload | Nextgen_gallery | N/A | ||
2020-01-30 | CVE-2013-0291 | NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability | Nextgen_gallery | N/A | ||
2019-08-27 | CVE-2019-14314 | A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php. | Nextgen_gallery | 9.8 | ||
2018-07-13 | CVE-2016-6565 | The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of an HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration). | Nextgen_gallery | 7.5 | ||
2019-08-14 | CVE-2016-10889 | The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. | Nextgen_gallery | 9.8 | ||
2018-04-30 | CVE-2018-1000172 | Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45. | Nextgen_gallery | 4.8 |