CVE-2020-35942 — HIGH (8.8)

Q: How severe is CVE-2020-35942?

CVE-2020-35942 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-35942?

Check the references section above for vendor advisories and patch information. Affected products include: Imagely Nextgen Gallery.

Vulnerability Description

A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Execution and XSS. (It is possible to bypass CSRF protection by simply not including a nonce parameter.)

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Imagely	Nextgen Gallery	< 3.5.0

Related Weaknesses (CWE)

CWE-79 CWE-352

References

https://www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgenExploitThird Party Advisory
https://www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgenExploitThird Party Advisory

FAQ

What is CVE-2020-35942?

CVE-2020-35942 is a vulnerability with a CVSS score of 8.8 (HIGH). A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugin before 3.5.0 for WordPress allows File Upload and Local File Inclusion via settings modification, leading to Remote Code Executi...

How severe is CVE-2020-35942?

CVE-2020-35942 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-35942?

Check the references section above for vendor advisories and patch information. Affected products include: Imagely Nextgen Gallery.