WordPress Plugin Vulnerabilities

NextGEN Gallery 1.9.12 - Arbitrary File Upload

Description

The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by an Arbitrary File Upload security vulnerability.

Affects Plugins

Plugin icon
nextgen-gallery
Fixed in 1.9.13

References

CVE
CVE-2013-3684

Miscellaneous

Verified
No
WPVDB ID
0e0e07c1-5c67-4342-acd7-897ddddcc2f5

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-11-25
Title
Booking calendar, Appointment Booking System < 3.2.16 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
Published
2016-06-22
Title
Cherry Plugin < 1.2.7 - Unauthenticated Arbitrary File Upload and Download
Published
2025-09-22
Title
Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) < 4.9.56 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file'
Published
2025-06-04
Title
WP User Frontend Pro < 4.1.4 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2021-06-29
Title
Super Progressive Web Apps < 2.1.13 - Authenticated (High Privileged) Arbitrary File Upload to RCE