VYPR

Nextgen Gallery Pro

by WordPress

CVEs (1)

  • CVE-2021-24293May 5, 2021
    risk 0.00cvss epss 0.01

    In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript.