The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of an HTTP POST request, which may allow an authenticated user to read arbitrary files from the server or, in some circumstances (depending on server configuration), execute arbitrary code on the server.
[
{
"product": "NextGen Gallery plugin",
"vendor": "Imagely",
"versions": [
{
"lessThan": "2.1.57",
"status": "affected",
"version": "2.1.57",
"versionType": "custom"
}
]
}
]