VYPR

Nextgen Gallery

by WordPress

Source repositories

CVEs (25)

  • CVE-2024-3097MedApr 9, 2024
    risk 0.30cvss 5.3epss 0.38

    The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract…

  • CVE-2024-2744MedMay 17, 2024
    risk 0.28cvss 4.3epss 0.00

    The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

  • CVE-2026-6566MedMay 20, 2026
    risk 0.21cvss 4.3epss 0.00

    The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the…

  • CVE-2010-1186Apr 7, 2010
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

  • CVE-2008-7175Sep 8, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.

Page 2 of 2