CVE-2025-13641

Name of the Vulnerable Software and Affected Versions NextGEN Gallery versions prior to 3.59.12

Description The NextGEN Gallery plugin for WordPress is susceptible to a Local File Inclusion issue. Insufficient path validation allows attackers to provide absolute paths. This enables authenticated attackers with Contributor-level access or higher to include and execute arbitrary PHP files on the server, potentially bypassing web server restrictions. Successful exploitation could lead to information disclosure and code execution within the WordPress environment.

Recommendations Update NextGEN Gallery to a version later than 3.59.12.