CVE-2014-3123

Wpgetready Nextcellent Gallery < 1.9.17 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to inject arbitrary web script or HTML via the "Alt & Title Text" field.

References (4)

[Vendor Advisory] http://secunia.com/advisories/58031

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/67085

[Exploit] http://www.vapid.dhs.org/advisories/wordpress/plugins/nextCellent-gallery-1.9.13

[Patch] https://wordpress.org/plugins/nextcellent-gallery-nextgen-legacy/changelog

Scores

EPSS 0.0024

EPSS Percentile 47.5%

Details

CWE

CWE-79

Status published

Products (5)

wpgetready/nextcellent_gallery < 1.9.17

wpgetready/nextcellent_gallery

n/a/n/a

Published May 08, 2014

Tracked Since Feb 18, 2026