VYPR
Medium severity6.5NVD Advisory· Published Feb 9, 2021· Updated Jun 17, 2026

CVE-2020-35943

CVE-2020-35943

Description

A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.