CVE-2016-6565

Name of the Vulnerable Software and Affected Versions Imagely NextGen Gallery plugin for Wordpress versions prior to 2.1.57

Description The issue arises from improper validation of user input in the cssfile parameter of an HTTP POST request. This may allow an authenticated user to read arbitrary files from the server or execute arbitrary code on the server, depending on the server configuration.

Recommendations For versions prior to 2.1.57, update to version 2.1.57 or later to resolve the issue. As a temporary workaround, consider restricting access to the cssfile parameter in the HTTP POST request to minimize the risk of exploitation.