Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nextgen_gallery
(Imagely)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-05-05 | CVE-2021-24293 | In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript. | Nextgen_gallery | 6.1 | ||
| 2021-02-09 | CVE-2020-35943 | A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.) | Nextgen_gallery | 6.5 | ||
| 2019-11-26 | CVE-2015-9538 | The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. | Nextgen_gallery | 6.5 | ||
| 2019-11-26 | CVE-2015-9537 | The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template. | Nextgen_gallery | 5.4 | ||
| 2017-09-12 | CVE-2015-9229 | In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. | Nextgen_gallery | 4.8 | ||
| 2017-09-12 | CVE-2015-9228 | In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | Nextgen_gallery | 8.8 | ||
| 2018-03-01 | CVE-2018-7586 | In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. | Nextgen_gallery | 7.5 | ||
| 2020-02-11 | CVE-2013-3684 | NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload | Nextgen_gallery | N/A | ||
| 2020-01-30 | CVE-2013-0291 | NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability | Nextgen_gallery | N/A | ||
| 2019-08-27 | CVE-2019-14314 | A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php. | Nextgen_gallery | 9.8 |