Skip to main content

Nextgen Gallery CVE-2023-48328

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2023-11-30 audit@patchstack.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 30, 2023 - 16:15 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin - NextGEN Gallery allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin - NextGEN Gallery: from n/a through 3.37.

AnalysisAI

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin - NextGEN Gallery allows Cross Site Request Forgery.37. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin - NextGEN Gallery allows Cross Site Request Forgery.37. Affected products include: Imagely Nextgen Gallery. Version information: through 3.37..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2024-3097 MEDIUM POC
5.3 Apr 09

The WordPress Gallery Plugin - NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to

CVE-2023-3154 HIGH POC
7.5 Oct 16

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input p

CVE-2023-3155 HIGH POC
7.2 Oct 16

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack

CVE-2021-24293 MEDIUM POC
6.1 May 05

In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_i

CVE-2024-5442 MEDIUM POC
5.9 Jul 13

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.3 does not sanitise and escape some of its setting

CVE-2015-9228 HIGH
8.8 Sep 12

In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via

CVE-2019-14314 CRITICAL
9.8 Aug 27

A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Rated critical s

CVE-2026-9059 CRITICAL
9.3 May 20

Authenticated SQL injection in NextGEN Gallery (WordPress plugin by Awesome Motive/Imagely) before version 4.2.1 allows

CVE-2023-3279 MEDIUM POC
4.9 Oct 16

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to g

CVE-2015-9229 MEDIUM POC
4.8 Sep 12

In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for

CVE-2024-6393 MEDIUM POC
4.8 Nov 25

The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images

CVE-2024-2744 MEDIUM POC
4.3 May 17

The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow

Share

CVE-2023-48328 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy