Severe Vulnerabilities Patched in NextGen Gallery Affect over 800,000 WordPress Sites
|
Información sobre el sistema
|
|
|
Software afectado |
Wordpress |
Descripción
|
On December 14, 2020, the Wordfence Threat Intelligence team finished researching two Cross-Site Request Forgery (CSRF) vulnerabilities in NextGen Gallery, a WordPress plugin with over 800,000 installations, including a critical severity vulnerability that could lead to Remote Code Execution(RCE) and Stored Cross-Site Scripting(XSS). Exploitation of these vulnerabilities could lead to a site takeover, malicious redirects, […]
More info:
https://www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgen-gallery-affect-over-800000-wordpress-sites/ |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2020-35942 and CVE-2020-35943. |