Imagely: >> Nextgen Gallery >> 1.9.13 Security Vulnerabilities
Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image in the administrator page. This vulnerability appears to have been fixed in 2.2.45.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-30
In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured.
CVSS Score
7.5
EPSS Score
0.017
Published
2018-03-01
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
CVSS Score
8.8
EPSS Score
0.05
Published
2017-09-12
Page 3