cvebase

Imagely Nextgen Gallery vulnerabilities

27 known vulnerabilities affecting imagely/nextgen_gallery.

Total CVEs: 27
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 3 | HIGH 9 | MEDIUM 14 | LOW 1

Vulnerabilities

Page 2 of 2
CVE-2024-6393 | P4 | MEDIUM | CVSS 4.8 | fixed in 3.59.5 | 2024-11-25
CVE-2024-6393 [MEDIUM] CWE-79: The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
nvd
CVE-2024-39627 | P4 | MEDIUM | CVSS 4.8 | fixed in 3.59.4 | ≥ n/a, ≤ 3.59.3 | 2024-08-01
CVE-2024-39627 [MEDIUM] CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS. This issue affects NextGEN Gallery: from n/a through 3.59.3.
nvd
CVE-2015-9229 | P4 | MEDIUM | CVSS 4.8 | v2.1.15 | 2017-09-12
CVE-2015-9229 [MEDIUM] CWE-79: In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
nvd
CVE-2018-1000172 | P4 | MEDIUM | CVSS 4.8 | ≤ 2.2.30 | 2018-04-30
CVE-2018-1000172 [MEDIUM] CWE-79: Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45.
nvd
CVE-2024-2744 | P4 | MEDIUM | CVSS 4.3 | fixed in 3.59.1 | 2024-05-17
CVE-2024-2744 [MEDIUM] CWE-79: The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
nvd
CVE-2022-38468 | P4 | MEDIUM | CVSS 4.3 | fixed in 3.29 | 2023-03-01
CVE-2022-38468 [MEDIUM] CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.
nvd
CVE-2024-10545 | P4 | LOW | CVSS 3.5 | fixed in 3.59.9 | 2025-02-25
CVE-2024-10545 [LOW] CWE-79: The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
nvd