CVE-2023-48328 — Cross-Site Request Forgery in Nextgen Gallery

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

8.8HIGHNVD

CNA4.3

EPSS

0.3%

top 49.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imagely Nextgen Gallery Imagely Wordpress Gallery Plugin Nextgen Gallery

Timeline

PublishedNov 30

Description

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5imagely/wordpress_gallery_plugin_nextgen_galleryn/a — 3.37

▶NVDimagely/nextgen_gallery< 3.39

🔴Vulnerability Details

GHSA

GHSA-6vjm-vjm7-c6gq: Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery↗2023-11-30

▶

CVEList

WordPress NextGEN Gallery Plugin <= 3.37 is vulnerable to Cross Site Request Forgery (CSRF)↗2023-11-30

▶