WordPress Plugin Vulnerabilities

NextGen Gallery < 2.1.15 - Path Traversal

Description

The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by a Path Traversal security vulnerability.

Affects Plugins

Plugin icon
nextgen-gallery
Fixed in 2.1.15

References

CVE
CVE-2015-9538
URL
https://packetstormsecurity.com/files/#135114/
URL
https://github.com/cybersecurityworks/Disclosed/issues/2

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
6.5 (medium)

Miscellaneous

Verified
No
WPVDB ID
871a1111-6567-4331-89f5-eb884326ee17

Timeline

Publicly Published
2015-08-28 (about 8 years ago)
Added
2019-11-26 (about 4 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2017-09-29
Title
Insert Pages < 3.2.4 - Directory Traversal
Published
2019-10-11
Title
ArForms < 4.0 - Unauthenticated Arbitrary File Deletion via Traversal
Published
2014-09-20
Title
W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read
Published
2019-03-07
Title
Caldera Forms Pro < 1.8.2 - Unauthenticated Arbitrary File Read
Published
2022-10-31
Title
Booster for WooCommerce - ShopManager+ Arbitrary File Download