Imagely Nextgen Gallery vulnerabilities
27 known vulnerabilities affecting imagely/nextgen_gallery.
Total CVEs: 27
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 9, MEDIUM 14, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2024-6393 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 3.59.5 | 2024-11-25
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
nvd
CVE-2024-39627 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 3.59.4 | ≥ n/a, ≤ 3.59.3 | 2024-08-01
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS. This issue affects NextGEN Gallery: from n/a through 3.59.3.
nvd
CVE-2015-9229 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v2.1.15 | 2017-09-12
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
nvd
CVE-2018-1000172 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | ≤ 2.2.30 | 2018-04-30
Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45.
nvd
CVE-2024-2744 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | fixed in 3.59.1 | 2024-05-17
The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
nvd
CVE-2022-38468 | P4 | MEDIUM | CVSS 4.3 | CWE-352 | fixed in 3.29 | 2023-03-01
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.
nvd
CVE-2024-10545 | P4 | LOW | CVSS 3.5 | CWE-79 | fixed in 3.59.9 | 2025-02-25
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
nvd