CVE-2020-35943

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Nextgen Gallery
Vendor: CVE Published:; 9 February 2021

Summary

A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)

References

https://www.wordfence.com/blog/2021/02/severe-vulnerabili...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 9, 2021
Vulnerability Reserved
Jan 1, 2021