Imagely

Nextgen Gallery

27 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.21%
  • Published 25.02.2025 06:15:23
  • Last modified 15.05.2025 20:48:52

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfil...

Exploit
  • EPSS 0.15%
  • Published 25.11.2024 06:15:06
  • Last modified 15.05.2025 15:36:18

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfi...

  • EPSS 0.28%
  • Published 01.08.2024 23:15:51
  • Last modified 11.09.2024 17:35:37

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS. This issue affects NextGEN Gallery: from n/a through 3.59.3.

Exploit
  • EPSS 0.24%
  • Published 13.07.2024 06:15:04
  • Last modified 13.05.2025 16:29:31

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_...

Exploit
  • EPSS 0.43%
  • Published 17.05.2024 06:15:51
  • Last modified 21.05.2025 18:58:27

The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

  • EPSS 27.42%
  • Published 09.04.2024 19:15:39
  • Last modified 21.11.2024 09:28:53

The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthentic...

  • EPSS 0.27%
  • Published 30.11.2023 16:15:10
  • Last modified 21.11.2024 08:31:30

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.

Exploit
  • EPSS 0.79%
  • Published 16.10.2023 20:15:14
  • Last modified 23.04.2025 17:16:36

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks

Exploit
  • EPSS 0.34%
  • Published 16.10.2023 20:15:14
  • Last modified 23.04.2025 17:16:35

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.

Exploit
  • EPSS 0.46%
  • Published 16.10.2023 20:15:14
  • Last modified 21.11.2024 08:16:34

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server.