WordPress Plugin Vulnerabilities

NextGEN Gallery < 2.1.10 - Multiple XSS

Description

The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by a Multiple XSS security vulnerability.

Affects Plugins

Plugin icon
nextgen-gallery
Fixed in 2.1.10

References

CVE
CVE-2015-9537
URL
https://www.openwall.com/lists/oss-security/2015/10/27/4

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Verified
No
WPVDB ID
4572196e-c615-439a-9821-6d43e3e8dc07

Timeline

Publicly Published
2015-10-27 (about 10 years ago)
Added
2019-11-26 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-04-25
Title
The Plus Addons for Elementor < 5.5.0 - Contributor+ Stored Cross-Site Scripting via Countdown Widget
Published
2024-03-01
Title
Ultimate Bootstrap Elements for Elementor < 1.3.7 - Contributor+ Stored XSS
Published
2024-11-13
Title
WP Githuber MD <= 1.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-11-27
Title
Login with Vipps and MobilePay < 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-07-16
Title
Videopack < 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting