Description
In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user-uploaded files and in the lack of security measures preventing unwanted HTTP requests.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://wpscan.com/vulnerability/c894727a-b779-4583-a860-13c2c27275d4
Exploit, Third Party Advisory x_refsource_misc
https://blog.nettitude.com/uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress
Scores
CVSS v3: 6.5
EPSS: 0.0010
EPSS Percentile: 27.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE: CWE-434, CWE-352
Status: published
Products (1)
imagely/nextgen_gallery < 2.0.77.3
Published: Jul 07, 2022
Tracked Since: Feb 18, 2026