WordPress Plugin Vulnerabilities

NextGEN Gallery <= 2.1.56 - Authenticated Local File Inclusion (LFI) & SQLi

Description

The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by an Authenticated Local File Inclusion (LFI) & SQLi security vulnerability.

Affects Plugins

Plugin icon
nextgen-gallery
Fixed in 2.1.57

References

CVE
CVE-2016-10889
CVE
CVE-2016-6565
URL
http://www.kb.cert.org/vuls/id/346175
URL
https://plugins.trac.wordpress.org/changeset/1533907/nextgen-gallery

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
4b215a99-b1e7-4736-b859-92ceac3aad9c

Timeline

Publicly Published
2016-11-15 (about 9 years ago)
Added
2016-11-16 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-12-15
Title
Sliding Social Icons <= 1.61 - CSRF & Stored XSS
Published
2017-09-16
Title
Post Pay Counter < 2.731 - PHP Obj Injection & Access Control Issues
Published
2020-03-12
Title
Popup Builder < 3.64.1 - Multiple Issues
Published
2019-06-27
Title
Block WP Login < 1.3.2 - CSRF and Unauthorised Settings Update
Published
2015-08-10
Title
Events Manager < 5.6 - Cross-Site Scripting (XSS) & Code Injection