VYPR
Unrated severityNVD Advisory· Published May 8, 2014· Updated Jun 17, 2026No known patch

CVE-2014-3123

CVE-2014-3123

Description

Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:a:wpgetready:nextcellent_gallery:1.9.14:*:*:*:*:wordpress:*:*+ 3 more
    • cpe:2.3:a:wpgetready:nextcellent_gallery:1.9.14:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:wpgetready:nextcellent_gallery:1.9.15:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:wpgetready:nextcellent_gallery:1.9.16:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:wpgetready:nextcellent_gallery:*:*:*:*:*:wordpress:*:*range: <=1.9.17
  • Range: <1.19.18

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.