Description
WordPress Plugin NextGEN Gallery-WordPress Gallery is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin NextGEN Gallery-WordPress Gallery version 2.1.7 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 2.1.9 or latest
References
Related Vulnerabilities
Chamilo Missing Authorization Vulnerability (CVE-2019-1000017)
WordPress Plugin VikRentCar Car Rental Management System Cross-Site Request Forgery (1.1.6)
Oracle JRE CVE-2013-2472 Vulnerability (CVE-2013-2472)
Drupal Core 8.6.x Multiple Vulnerabilities (8.6.0 - 8.6.5)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1817)