Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:imagely:nextgen_gallery:3.22:*:*:*:*:wordpress:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-3097 |
The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin. Published: April 09, 2024; 3:15:39 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-48328 |
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37. Published: November 30, 2023; 11:15:10 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-3279 |
The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks Published: October 16, 2023; 4:15:14 PM -0400 |
V4.0:(not available) V3.1: 4.9 MEDIUM V2.0:(not available) |
CVE-2023-3155 |
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. Published: October 16, 2023; 4:15:14 PM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-3154 |
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. Published: October 16, 2023; 4:15:14 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-38468 |
Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration. Published: March 01, 2023; 9:15:15 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |