WordPress Plugin Vulnerabilities

NextGEN Gallery <= 1.7.3 - xml/ajax.php Path Disclosure

Description

The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by a xml/ajax.php Path Disclosure security vulnerability.

Affects Plugins

Plugin icon
nextgen-gallery
Fixed in 1.7.4

Classification

Type
FPD
OWASP top 10
A6: Security Misconfiguration
CWE
CWE-209

Miscellaneous

Verified
No
WPVDB ID
e9a46e52-fdfb-40d4-b077-d4cfc6b118e1

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2015-05-15 (about 10 years ago)

Other

Published
Title
Published
2014-11-27
Title
HTML5 MP3 Player with Playlist < 2.8.0 - Full Path Disclosure (FPD)
Published
2014-08-01
Title
JS MultiHotel 2.2.1 - Multiple Script Direct Request Path Disclosure
Published
2012-12-06
Title
Simple Gmail Login < 1.1.4 - FPD
Published
2014-08-01
Title
LBG Zoominoutslider - Multiple Script Direct Request Path Disclosure
Published
2014-08-01
Title
Imperial Fairytale - Multiple Script Direct Request Path Disclosure