VYPR

Assistant For Nextgen Gallery

by WordPress

Source repositories

CVEs (1)

  • CVE-2025-7641HigAug 15, 2025
    risk 0.49cvss 7.5epss 0.01

    The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and including, 1.0.9. This makes it possible for…