WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WordPress Gallery Plugin – NextGEN Gallery

2021-02-08
NextGen Gallery < 3.5.0 - CSRF allows File Upload, Stored XSS, and RCE
Fixed in version 3.5.0
2021-02-08
NextGen Gallery < 3.5.0 - CSRF allows File Upload
Fixed in version 3.5.0
2019-08-27
Nextgen Gallery < 3.2.11 - SQL Injection
Fixed in version 3.2.11
2019-02-26
Freemius Library < 2.2.4 - Subscriber+ Arbitrary Option Update
Fixed in version 3.1.7
2019-02-05
NextGen Gallery <= 3.1.5 - Authenticated PHP Object Injection
Fixed in version 3.1.6
2018-03-02
NextGEN Gallery <= 2.2.46 - Galley Paths Not Secured
Fixed in version 2.2.50
2018-02-14
NextGEN Gallery <= 2.2.44 - Cross-Site Scripting (XSS)
Fixed in version 2.2.45
2017-02-27
NextGEN Gallery < 2.1.79 - Unauthenticated SQL Injection
Fixed in version 2.1.79
2016-11-15
NextGEN Gallery <= 2.1.56 - Authenticated Local File Inclusion (LFI) & SQLi
Fixed in version 2.1.57
2015-12-23
NextGEN Gallery < 2.1.15 - Unrestricted File Upload
Fixed in version 2.1.15
2015-10-27
NextGEN Gallery < 2.1.10 - Multiple XSS
Fixed in version 2.1.10
2015-08-28
NextGEN Gallery < 2.1.9 - Authenticated Path Traversal
Fixed in version 2.1.9
2015-08-28
NextGen Gallery < 2.1.15 - Path Traversal
Fixed in version 2.1.15
2015-03-25
NextGEN Gallery < 2.0.77.3 - CSRF & Arbitrary File Upload
Fixed in version 2.0.77.3
2015-02-08
NextGEN Gallery 1.9.11 - Full Path Disclosure
Fixed in version 2.0.0
2015-02-08
NextGEN Gallery 1.9.5 - gallerypath Parameter Stored XSS
Fixed in version 2.0.0
2014-08-01
NextGEN Gallery <= 1.7.3 - xml/ajax.php Path Disclosure
Fixed in version 1.7.4
2014-08-01
NextGEN Gallery 2.0.0 - Directory Traversal
Fixed in version 2.0.7
2014-08-01
NextGEN Gallery - swfupload.swf Cross-Site Scripting (XSS)
Fixed in version 1.9.8
2014-08-01
NextGEN Gallery 1.9.12 - Arbitrary File Upload
Fixed in version 1.9.13
2014-08-01
NextGEN Gallery <= 1.9.0 - Multiple Cross-Site Scripting (XSS)
Fixed in version 1.9.1
2014-08-01
NextGEN Gallery <= 1.8.3 - XXS & CSRF
Fixed in version 1.8.4
2014-08-01
NextGEN Gallery <= 1.5.1 - Cross-Site Scripting (XSS)
Fixed in version 1.5.2
2014-05-20
NextGEN Gallery <= 2.0.63 - Arbitrary File Upload
Fixed in version 2.0.66