WordPress Plugin Vulnerabilities

NextGEN Gallery <= 2.2.44 - Cross-Site Scripting (XSS)

Description

XSS in error message caused by alt and title image attributes.

Affects Plugins

Plugin icon
nextgen-gallery
Fixed in 2.2.45

References

CVE
CVE-2018-1000172
URL
https://fortiguard.com/zeroday/FG-VD-17-215
URL
https://plugins.trac.wordpress.org/changeset/1822089/nextgen-gallery

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
0f58c270-9e41-4785-bd25-687b924b6867

Timeline

Publicly Published
2018-02-14 (about 8 years ago)
Added
2018-05-03 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-04-14
Title
CRUDLab Scroll to Top <= 1.0.1 - Reflected Cross-Site Scripting
Published
2025-05-07
Title
Mollie Forms < 2.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-07-10
Title
WooCommerce Predictive Search < 6.1.0 - Reflected Cross-Site Scripting
Published
2025-09-16
Title
Blocksy Companion < 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via blocksy_newsletter_subscribe Shortcode
Published
2022-02-09
Title
Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS)