File Upload Vulnerability in NextGEN Gallery Plugin for WordPress
CVE-2013-3684

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: Nextgen Gallery
Vendor: CVE Published:; 11 February 2020

Summary

The NextGEN Gallery plugin for WordPress, versions prior to 1.9.13, is susceptible to an insecure file upload vulnerability. This flaw allows an attacker to upload malicious files through the ngggallery.php script, posing significant security risks. By exploiting this vulnerability, attackers could potentially execute arbitrary code on the server hosting the WordPress site, leading to unauthorized access and data breaches.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/85012

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/85011

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2020
Vulnerability Reserved
May 28, 2013