AI Score
Confidence
High
EPSS
Percentile
27.4%
A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)
www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgen-gallery-affect-over-800000-wordpress-sites/