NextGEN Gallery
Syed Balkhi
Developer
3.59.12
Latest version
400,000
Installations
Apr 24, 2025
Last updated
Vulnerability history
0 present
35 fixed
2 Mitigation rules
- Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library<= 3.59.4May 19, 2025
- Admin+ Stored XSS vulnerability< 3.59.9Feb 25, 2025
- Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library<= 3.59.4Dec 3, 2024
- Admin+ Stored XSS vulnerability< 3.59.5Nov 25, 2024
- Cross Site Scripting (XSS) vulnerability<= 3.59.3Jul 22, 2024
- Admin+ Stored XSS vulnerability< 3.59.3Jul 15, 2024
- Admin+ Stored XSS vulnerability< 3.59.1May 17, 2024
- Missing Authorization to Unauthenticated Information Disclosure vulnerability<= 3.59Apr 8, 2024
- Cross Site Request Forgery (CSRF) vulnerability<= 3.37Nov 23, 2023
- Admin+ Local File Inclusion vulnerability< 3.39Oct 17, 2023
- Admin+ Arbitrary File Read and Delete vulnerability< 3.39Oct 17, 2023
- Admin+ PHAR Deserialization vulnerability< 3.39Oct 17, 2023
- Reflected Cross Site Scripting (XSS) vulnerability<= 3.3.6Jul 19, 2023
- Cross-Site Request Forgery (CSRF)<= 3.28Feb 14, 2023
- Cross-Site Request Forgery (CSRF) vulnerability leading to file upload<= 3.4.7Feb 8, 2021
- Cross-Site Request Forgery (CSRF) leading to XSS and RCE via file upload and LFI<= 3.4.7Feb 8, 2021
- SQL Injection vulnerability<= 3.2.8Aug 27, 2019
- Authenticated Option Update vulnerability (Fremius Library security issue)<= 3.1.6Mar 2, 2019
- Sensitive Information Disclosure<= 2.2.46Mar 2, 2018
- Authenticated Remote Code Execution (RCE) Vulnerability2.1.59Nov 28, 2016
- Authenticated Path Traversal<= 2.1.7Oct 7, 2015
- Arbitrary File Upload<= 2.0.63May 15, 2015
- Directory Traversal<= 2.0.0May 15, 2015
- Cross Site Scripting<= 1.9.7May 15, 2015
- Full Path Disclosure<= 1.9.11May 15, 2015
- Stored XSS<= 1.9.5May 15, 2015
- Multiple XSS<= 1.9.0May 15, 2015
- Multiple Vulnerabilities<= 1.8.3May 15, 2015
- Full Path Disclosure<= 1.7.3May 15, 2015
- Directory Traversal<= 2.0.0Feb 19, 2014
- Arbitrary File Upload<= 1.9.12Jun 12, 2013
- Path Disclosure Vulnerability<= 1.9.11Feb 14, 2013
- Cross Site Scripting<= 1.9.10Jan 8, 2013
- XSS Vulnerability<= 1.5.1Apr 6, 2010
- XSS<= 0.96Sep 7, 2009