CVE-2019-14314 — CVSS 9.8 (critical): A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this…
CVE-2015-1784 — CVSS 8.8 (high): In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the…
CVE-2020-35942 — CVSS 8.8 (high): A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File…
CVE-2015-9228 — CVSS 8.8 (high): In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name…
CVE-2016-6565 — CVSS 7.5 (high): The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of…
CVE-2023-3154 — CVSS 7.5 (high): The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation…
CVE-2023-3155 — CVSS 7.2 (high): The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter…
CVE-2015-9538 — CVSS 6.5 (medium): The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection.
CVE-2015-1785 — CVSS 6.5 (medium): In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the…
CVE-2020-35943 — CVSS 6.5 (medium): A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to…
CVE-2021-24293 — CVSS 6.1 (medium): In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via…
CVE-2024-39627 — CVSS 5.9 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows…
CVE-2024-5442 — CVSS 5.9 (medium): The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could…
CVE-2015-9537 — CVSS 5.4 (medium): The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth…
CVE-2024-3097 — CVSS 5.3 (medium): The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing…
CVE-2023-3279 — CVSS 4.9 (medium): The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths…
CVE-2024-6393 — CVSS 4.8 (medium): The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which…
CVE-2015-9229 — CVSS 4.8 (medium): In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote…
CVE-2018-1000172 — CVSS 4.8 (medium): Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This…
CVE-2022-38468 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail…
CVE-2024-2744 — CVSS 4.3 (medium): The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-10545 — CVSS 3.5 (low): The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which…