VYPR
Vendor

Imagely

Products
1
CVEs
11
Across products
11
Status
Private

Products

1

Recent CVEs

11
  • CVE-2015-9228HigSep 12, 2017
    risk 0.57cvss 8.8epss 0.04

    In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.

  • CVE-2026-1463HigMar 18, 2026
    risk 0.50cvss 8.8epss 0.00

    The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with…

  • CVE-2016-6565HigJul 13, 2018
    risk 0.49cvss 7.5epss 0.03

    The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of a HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server…

  • CVE-2015-9229MedSep 12, 2017
    risk 0.31cvss 4.8epss 0.01

    In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.

  • CVE-2024-3097MedApr 9, 2024
    risk 0.29cvss 5.3epss 0.38

    The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract…

  • CVE-2023-48328MedNov 30, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.

  • CVE-2026-6566MedMay 20, 2026
    risk 0.21cvss 4.3epss 0.00

    The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the…

  • CVE-2010-1186Apr 7, 2010
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

  • CVE-2024-39627Aug 1, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS.This issue affects NextGEN Gallery: from n/a through 3.59.3.

  • CVE-2024-2744May 17, 2024
    risk 0.00cvss epss 0.00

    The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

  • CVE-2008-7175Sep 8, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.