Louie Augarde

Researcher fromNettitude_com
#21862of 53,632
10.8Total CVSS
Vulnerabilities · 2
Medium
2
PT-2022-7810
6.5
2022-07-07
WordPress · Nextgen Gallery · CVE-2015-1784
**Name of the Vulnerable Software and Affected Versions** nextgen-galery wordpress plugin versions prior to 2.0.77.3 **Description** The issue lies in the validation of user-uploaded files and the lack of security measures to prevent unwanted HTTP requests, allowing an attacker to gain full access to the web application. **Recommendations** For versions prior to 2.0.77.3, update to version 2.0.77.3 or later to resolve the issue.
PT-2022-7811
4.3
2022-07-07
WordPress · Nextgen Gallery · CVE-2015-1785
**Name of the Vulnerable Software and Affected Versions** nextgen-galery wordpress plugin versions prior to 2.0.77.3 **Description** The issue lies in the validation of user-uploaded files and the lack of security measures to prevent unwanted HTTP requests, allowing an attacker to gain full access to the web application. **Recommendations** For versions prior to 2.0.77.3, update to version 2.0.77.3 or later to resolve the issue. As a temporary workaround, consider restricting access to file upload functionality and limiting HTTP requests to essential ones until the update is applied.