Skip to main content

Nextcellent Gallery

2 CVEs product

Monthly

CVE-2022-1971 MEDIUM POC This Month

The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Nextcellent Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2014-3123 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images,. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP Nextcellent Gallery
NVD
CVSS 2.0
2.1
EPSS
0.2%
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Nextcellent Gallery
NVD WPScan
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images,. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy