WordPress Plugin Vulnerabilities

NextGen Gallery <= 3.1.5 - Authenticated PHP Object Injection

Description

Legacy serialization handling allows unserialize of user input for low privileged users, leading to RCE.

Affects Plugins

Plugin icon
nextgen-gallery
Fixed in 3.1.6

References

URL
https://medium.com/websec/wordpress-nextgen-gallery-3-1-5-rce-via-low-priviledged-users-85a37ff87423
URL
https://plugins.trac.wordpress.org/changeset/2013508/nextgen-gallery
URL
https://plugins.trac.wordpress.org/changeset/2008464/nextgen-gallery

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
8.0 (high)

Miscellaneous

Original Researcher
Slavco
Submitter
Slavco
Submitter website
https://medium.com/websec
Submitter twitter
mslavco
Verified
No
WPVDB ID
e17ed5ce-6bb5-4f0e-b6b4-bd5648a1e5b6

Timeline

Publicly Published
2019-02-05 (about 7 years ago)
Added
2019-02-05 (about 7 years ago)
Last Updated
2021-02-08 (about 5 years ago)

Other

Published
Title
Published
2026-01-21
Title
WP eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection
Published
2025-01-03
Title
UpdraftPlus < 1.24.12 - Unauthenticated PHP Object Injection
Published
2022-10-03
Title
Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
Published
2025-02-21
Title
Saoshyant Slider <= 3.0 - Unauthenticated PHP Object Injection
Published
2016-12-09
Title
BP Profile Search < 4.6 - PHP Object Injection