WordPress Plugin Vulnerabilities

NextGEN Gallery <= 2.1.56 - Authenticated Local File Inclusion (LFI) & SQLi

Description

The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by an Authenticated Local File Inclusion (LFI) & SQLi security vulnerability.

Affects Plugins

Plugin icon
nextgen-gallery
Fixed in 2.1.57

References

CVE
CVE-2016-10889
CVE
CVE-2016-6565
URL
http://www.kb.cert.org/vuls/id/346175
URL
https://plugins.trac.wordpress.org/changeset/1533907/nextgen-gallery

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
4b215a99-b1e7-4736-b859-92ceac3aad9c

Timeline

Publicly Published
2016-11-15 (about 9 years ago)
Added
2016-11-16 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-12-29
Title
WhyDoWork AdSense 1.2 - XSS & CSRF
Published
2014-12-14
Title
WP-FB-AutoConnect <= 4.0.5 - XSS/CSRF
Published
2019-06-26
Title
LiveChat < 3.7.6 - Unauthenticated Option Update/Reset and Stored XSS
Published
2015-01-12
Title
WP Unique Article Header Image 1.0 - CSRF & XSS
Published
2015-09-01
Title
Testimonial Slider < 1.3.2 - Authenticated Stored Cross-Site Scripting (XSS) & CSRF