Imagely Nextgen_gallery
27 CVEs affecting Imagely Nextgen_gallery. Latest disclosed: 2025-02-25. Critical: 3, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2013-3684 | Critical | 9.8 | 2020-02-11 | NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload |
| CVE-2019-14314 | Critical | 9.8 | 2019-08-27 | A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would all… |
| CVE-2016-10889 | Critical | 9.8 | 2019-08-14 | The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. |
| CVE-2015-1784 | High | 8.8 | 2022-07-07 | In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The… |
| CVE-2020-35942 | High | 8.8 | 2021-02-09 | A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings mod… |
| CVE-2015-9228 | High | 8.8 | 2017-09-12 | In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extensio… |
| CVE-2023-3154 | High | 7.5 | 2023-10-16 | The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edi… |
| CVE-2013-0291 | High | 7.5 | 2020-01-30 | NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability |
| CVE-2016-6565 | High | 7.5 | 2018-07-13 | The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request… |
| CVE-2018-7586 | High | 7.5 | 2018-03-01 | In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. |
| CVE-2023-3155 | High | 7.2 | 2023-10-16 | The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `g… |
| CVE-2015-1785 | Medium | 6.5 | 2022-07-07 | In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The… |
| CVE-2020-35943 | Medium | 6.5 | 2021-02-09 | A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protectio… |
| CVE-2015-9538 | Medium | 6.5 | 2019-11-26 | The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. |
| CVE-2021-24293 | Medium | 6.1 | 2021-05-05 | In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that t… |
| CVE-2024-39627 | Medium | 5.9 | 2024-08-01 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS. This iss… |
| CVE-2024-5442 | Medium | 5.9 | 2024-07-13 | The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege u… |
| CVE-2015-9537 | Medium | 5.4 | 2019-11-26 | The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, an… |
| CVE-2024-3097 | Medium | 5.3 | 2024-04-09 | The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_i… |
| CVE-2023-3279 | Medium | 4.9 | 2023-10-16 | The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include functio… |