WordPress Plugin Vulnerabilities

NextGEN Gallery 1.9.11 - Full Path Disclosure

Description

The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by a Full Path Disclosure security vulnerability.

Affects Plugins

Plugin icon
nextgen-gallery
Fixed in 2.0.0

References

CVE
CVE-2013-0291
URL
https://www.openwall.com/lists/oss-security/2013/02/15/3

Classification

Type
FPD
OWASP top 10
A6: Security Misconfiguration
CWE
CWE-209
CVSS
7.5 (high)

Miscellaneous

Verified
No
WPVDB ID
4b7d6b66-f96a-4f54-9982-01885291c216

Timeline

Publicly Published
2015-02-08 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Dewplayer <= 1.2 - dewplayer.php Direct Request Path Disclosure Weakness
Published
2014-08-01
Title
WordPress 3.5.2 - Media Library Multiple Function Path Disclosure
Published
2014-08-01
Title
Caulk - path disclosure
Published
2019-10-16
Title
Fast Velocity Minify < 2.7.7 - Full Path Disclosure
Published
2014-08-01
Title
LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure