Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery
Minimum safe version
4.0.5
Update to 4.0.5 or later to address 64 fixable vulnerabilities
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion
CVE-2025-13641
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via SimpleLightbox JavaScript Library
CVE-2024-10545
Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
CVE-2024-6393
CVE-2024-39627
WordPress NextGEN Gallery Plugin < 3.59.3 is vulnerable to Cross Site Scripting (XSS)
CVE-2024-2744
CVE-2024-3097
CVE-2023-48328
WordPress NextGEN Gallery Plugin < 3.39 is vulnerable to Local File Inclusion
WordPress NextGEN Gallery Plugin <= 3.39 is vulnerable to PHP Object Injection
WordPress NextGEN Gallery Plugin < 3.39 is vulnerable to Arbitrary File Deletion
NextGEN Gallery <= 2.0.63 - Arbitrary File Upload
NextGEN Gallery 2.0.0 - Directory Traversal
NextGEN Gallery <= 1.9.0 - Multiple Cross-Site Scripting (XSS)
NextGEN Gallery <= 1.8.3 - XSS & CSRF
NextGEN Gallery - swfupload.swf Cross-Site Scripting (XSS)
NextGEN Gallery <= 1.7.3 - xml/ajax.php Path Disclosure
NextGEN Gallery 1.9.5 - gallerypath Parameter Stored XSS
NextGEN Gallery < 2.1.9 - Authenticated Path Traversal
NextGEN Gallery < 2.1.79 - Unauthenticated SQL Injection
NextGen Gallery <= 3.1.5 - Authenticated PHP Object Injection
WordPress NextGEN Gallery Plugin <= 3.3.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2022-38468
CVE-2012-3414
NextGen Gallery <= 2.0 - Path Traversal
NextGen Gallery <= 2.0.65 - Arbitrary File Upload
NextGen Gallery <= 2.1.7 - Path Traversal
NextGen Gallery <= 2.1.77 - SQL Injection
NextGen Gallery <= 3.1.5 - PHP Object Injection
Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update
Freemius Library < 2.2.4 - Subscriber+ Arbitrary Option Update
CVE-2015-1785
CVE-2015-1784
WordPress NextGEN Gallery Plugin - Directory Traversal
WordPress NextGEN Gallery Plugin - Cross Site Scripting
WordPress NextGEN Gallery Plugin <= 1.7.3 - Full Path Disclosure
WordPress NextGEN Gallery Plugin <= 1.8.3 - Multiple Vulnerabilities
WordPress NextGEN Gallery Plugin <= 1.9.0 - Multiple XSS
WordPress NextGEN Gallery Plugin <= 1.9.5 - Stored XSS
WordPress NextGEN Gallery Plugin <= 1.9.11 - Full Path Disclosure
WordPress NextGEN Gallery Plugin <= 1.9.7 - Cross Site Scripting
WordPress NextGEN Gallery Plugin <= 2.0.0 - Directory Traversal
WordPress NextGEN Gallery Plugin <= 2.0.63 - Arbitrary File Upload
WordPress NextGEN Gallery Plugin <= 2.1.7 - Authenticated Path Traversal
WordPress NextGEN Gallery plugin <= 2.1.59 - Authenticated Remote Code Execution (RCE) Vulnerability
WordPress NextGEN Gallery plugin <= 3.1.6 - Authenticated Option Update vulnerability (Freemius Library security issue)
CVE-2008-7175
CVE-2010-1186
CVE-2015-9229
CVE-2015-9228
WordPress NextGEN Gallery plugin <= 2.2.46 - Gallery Paths Not Secured
CVE-2018-1000172
CVE-2016-6565
CVE-2016-10889
CVE-2019-14314
CVE-2015-9537
CVE-2015-9538
CVE-2013-3684
CVE-2013-0291
CVE-2020-35943
CVE-2020-35942