Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nextgen_gallery
(Imagely)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-07-07 | CVE-2015-1784 | In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. | Nextgen_gallery | 8.8 | ||
| 2022-07-07 | CVE-2015-1785 | In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests. | Nextgen_gallery | 6.5 | ||
| 2019-11-26 | CVE-2015-9538 | The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. | Nextgen_gallery | 6.5 | ||
| 2019-11-26 | CVE-2015-9537 | The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template. | Nextgen_gallery | 5.4 | ||
| 2017-09-12 | CVE-2015-9229 | In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. | Nextgen_gallery | 4.8 | ||
| 2017-09-12 | CVE-2015-9228 | In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | Nextgen_gallery | 8.8 | ||
| 2018-03-01 | CVE-2018-7586 | In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. | Nextgen_gallery | 7.5 | ||
| 2020-02-11 | CVE-2013-3684 | NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload | Nextgen_gallery | N/A | ||
| 2020-01-30 | CVE-2013-0291 | NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability | Nextgen_gallery | N/A | ||
| 2019-08-27 | CVE-2019-14314 | A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php. | Nextgen_gallery | 9.8 |