Entries by Louie Augarde

CSRF And Unsafe Arbitrary File Upload In NextGEN Gallery Plugin (2.0.77.0) For WordPress

1      Introduction Please note the vulnerability detailed in this blog article was first discovered on Monday 9th March 2015, disclosed and discussed with the company concerned on March 10th and a patch was released on March 12th. 1.1    Versions and CVE Currently tested on NextGEN Gallery >=2.0.77.0 and WordPress 4.1.1 CVE-2015-1784 NextGEN Gallery WordPress: file […]