Miembros de
Boletines de Vulnerabilidades |
Severe Vulnerabilities Patched in NextGen Gallery Affect over 800,000 WordPress Sites |
|
Información sobre el sistema |
|
| Software afectado | Wordpress |
Descripción |
|
|
On December 14, 2020, the Wordfence Threat Intelligence team finished researching two Cross-Site Request Forgery (CSRF) vulnerabilities in NextGen Gallery, a WordPress plugin with over 800,000 installations, including a critical severity vulnerability that could lead to Remote Code Execution(RCE) and Stored Cross-Site Scripting(XSS). Exploitation of these vulnerabilities could lead to a site takeover, malicious redirects, […] More info: https://www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgen-gallery-affect-over-800000-wordpress-sites/ |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2020-35942 and CVE-2020-35943. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2021-02-10 |