logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

WordPress Gallery Plugin – NextGEN Gallery wordpress-logolabel

2021-02-08

NextGen Gallery < 3.5.0 - CSRF allows File Upload

fixed in version 3.5.0

2021-02-08

NextGen Gallery < 3.5.0 - CSRF allows File Upload, Stored XSS, and RCE

fixed in version 3.5.0

2019-08-27

Nextgen Gallery < 3.2.11 - SQL Injection

fixed in version 3.2.11

2019-02-26

Freemius Library <= 2.2.3 - Authenticated Option Update

fixed in version 3.1.7

2019-02-05

NextGen Gallery <= 3.1.5 - Authenticated PHP Object Injection

fixed in version 3.1.6

2018-03-02

NextGEN Gallery <= 2.2.46 - Galley Paths Not Secured

fixed in version 2.2.50

2018-02-14

NextGEN Gallery <= 2.2.44 - Cross-Site Scripting (XSS)

fixed in version 2.2.45

2017-02-27

NextGEN Gallery < 2.1.79 - Unauthenticated SQL Injection

fixed in version 2.1.79

2016-11-15

NextGEN Gallery <= 2.1.56 - Authenticated Local File Inclusion (LFI) & SQLi

fixed in version 2.1.57

2015-12-23

NextGEN Gallery < 2.1.15 - Unrestricted File Upload

fixed in version 2.1.15

2015-10-27

NextGEN Gallery < 2.1.10 - Multiple XSS

fixed in version 2.1.10

2015-08-28

NextGEN Gallery < 2.1.9 - Authenticated Path Traversal

fixed in version 2.1.9

2015-08-28

NextGen Gallery < 2.1.15 - Path Traversal

fixed in version 2.1.15

2015-03-25

NextGEN Gallery < 2.0.77.3 - CSRF & Arbitrary File Upload

fixed in version 2.0.77.3

2015-02-08

NextGEN Gallery 1.9.5 - gallerypath Parameter Stored XSS

fixed in version 2.0.0

2015-02-08

NextGEN Gallery 1.9.11 - Full Path Disclosure

fixed in version 2.0.0

2014-08-01

NextGEN Gallery <= 1.7.3 - xml/ajax.php Path Disclosure

fixed in version 1.7.4

2014-08-01

NextGEN Gallery <= 1.8.3 - XXS & CSRF

fixed in version 1.8.4

2014-08-01

NextGEN Gallery <= 1.9.0 - Multiple Cross-Site Scripting (XSS)

fixed in version 1.9.1

2014-08-01

NextGEN Gallery 1.9.12 - Arbitrary File Upload

fixed in version 1.9.13

2014-08-01

NextGEN Gallery - swfupload.swf Cross-Site Scripting (XSS)

fixed in version 1.9.8

2014-08-01

NextGEN Gallery 2.0.0 - Directory Traversal

fixed in version 2.0.7

2014-08-01

NextGEN Gallery <= 1.5.1 - Cross-Site Scripting (XSS)

fixed in version 1.5.2

2014-05-20

NextGEN Gallery <= 2.0.63 - Arbitrary File Upload

fixed in version 2.0.66

Is this your WordPress plugin?

We offer WordPress plugin security testing to help identify security vulnerabilities within your plugin. Please note that this is a paid service. If you are interested in talking about having your plugin tested by WordPress security experts, get in touch.