NextGEN Gallery
Syed Balkhi
Developer
4.1.2
Latest version
400,000
Installations
No date
Last updated
Vulnerability history
0 present
38 patched
2 Mitigation rules
- WordPress Photo Gallery, Sliders, Proofing and Themes - NextGEN Gallery plugin <= 4.0.4 - Authenticated (Author+) Local File Inclusion vulnerability<= 4.0.419/03/2026
- Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library vulnerability<= 3.59.1131/12/2025
- Authenticated (Contributor+) Local File Inclusion via 'template' vulnerability<= 3.59.1217/12/2025
- Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library<= 3.59.419/05/2025
- Admin+ Stored XSS vulnerability< 3.59.925/02/2025
- Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library<= 3.59.403/12/2024
- Admin+ Stored XSS vulnerability< 3.59.525/11/2024
- Cross Site Scripting (XSS) vulnerability<= 3.59.322/07/2024
- Admin+ Stored XSS vulnerability< 3.59.315/07/2024
- Admin+ Stored XSS vulnerability< 3.59.117/05/2024
- Missing Authorization to Unauthenticated Information Disclosure vulnerability<= 3.5908/04/2024
- Cross Site Request Forgery (CSRF) vulnerability<= 3.3723/11/2023
- Admin+ Local File Inclusion vulnerability< 3.3917/10/2023
- Admin+ Arbitrary File Read and Delete vulnerability< 3.3917/10/2023
- Admin+ PHAR Deserialization vulnerability< 3.3917/10/2023
- Reflected Cross Site Scripting (XSS) vulnerability<= 3.3.619/07/2023
- Cross-Site Request Forgery (CSRF)<= 3.2814/02/2023
- Cross-Site Request Forgery (CSRF) vulnerability leading to file upload<= 3.4.708/02/2021
- Cross-Site Request Forgery (CSRF) leading to XSS and RCE via file upload and LFI<= 3.4.708/02/2021
- SQL Injection vulnerability<= 3.2.827/08/2019
- Authenticated Option Update vulnerability (Fremius Library security issue)<= 3.1.602/03/2019
- Sensitive Information Disclosure<= 2.2.4602/03/2018
- Authenticated Remote Code Execution (RCE) Vulnerability2.1.5928/11/2016
- Authenticated Path Traversal<= 2.1.707/10/2015
- Arbitrary File Upload<= 2.0.6315/05/2015
- Directory Traversal<= 2.0.015/05/2015
- Cross Site Scripting<= 1.9.715/05/2015
- Full Path Disclosure<= 1.9.1115/05/2015
- Stored XSS<= 1.9.515/05/2015
- Multiple XSS<= 1.9.015/05/2015
- Multiple Vulnerabilities<= 1.8.315/05/2015
- Full Path Disclosure<= 1.7.315/05/2015
- Directory Traversal<= 2.0.019/02/2014
- Arbitrary File Upload<= 1.9.1212/06/2013
- Path Disclosure Vulnerability<= 1.9.1114/02/2013
- Cross Site Scripting<= 1.9.1008/01/2013
- XSS Vulnerability<= 1.5.106/04/2010
- XSS<= 0.9607/09/2009