CVE-2020-35943

Name of the Vulnerable Software and Affected Versions: NextGEN Gallery plugin versions prior to 3.5.0

Description: A Cross-Site Request Forgery (CSRF) issue allows File Upload by bypassing CSRF protection, which can be achieved by not including a nonce parameter.

Recommendations: For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue. As a temporary workaround, consider implementing additional validation for the nonce parameter in the affected API endpoint until a patch is available. Restrict access to the file upload functionality to minimize the risk of exploitation.