Imagely Nextgen_gallery

27 CVEs affecting Imagely Nextgen_gallery. Latest disclosed: 2025-02-25. Critical: 3, High: 8.

Top CVEs affecting Imagely Nextgen_gallery
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2013-3684 | Critical | 9.8 | 2020-02-11 | NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload |
| CVE-2019-14314 | Critical | 9.8 | 2019-08-27 | A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would all… |
| CVE-2016-10889 | Critical | 9.8 | 2019-08-14 | The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. |
| CVE-2015-1784 | High | 8.8 | 2022-07-07 | In nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The… |
| CVE-2020-35942 | High | 8.8 | 2021-02-09 | A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings mod… |
| CVE-2015-9228 | High | 8.8 | 2017-09-12 | In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extensio… |
| CVE-2023-3154 | High | 7.5 | 2023-10-16 | The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edi… |
| CVE-2013-0291 | High | 7.5 | 2020-01-30 | NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disclosure Vulnerability |
| CVE-2016-6565 | High | 7.5 | 2018-07-13 | The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of an HTTP POST request… |
| CVE-2018-7586 | High | 7.5 | 2018-03-01 | In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. |
| CVE-2023-3155 | High | 7.2 | 2023-10-16 | The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `g… |
| CVE-2015-1785 | Medium | 6.5 | 2022-07-07 | In nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The… |
| CVE-2020-35943 | Medium | 6.5 | 2021-02-09 | A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protectio… |
| CVE-2015-9538 | Medium | 6.5 | 2019-11-26 | The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. |
| CVE-2021-24293 | Medium | 6.1 | 2021-05-05 | In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax, after that t… |
| CVE-2024-39627 | Medium | 5.9 | 2024-08-01 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS. This iss… |
| CVE-2024-5442 | Medium | 5.9 | 2024-07-13 | The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege u… |
| CVE-2015-9537 | Medium | 5.4 | 2019-11-26 | The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, an… |
| CVE-2024-3097 | Medium | 5.3 | 2024-04-09 | The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_i… |
| CVE-2023-3279 | Medium | 4.9 | 2023-10-16 | The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include functio… |