Vulnerabilities and security researches fornextgen-gallery-voting nextgen-gallery-voting

Mar 26, 2025

CVE, Research URL: CVE-2025-28869
Home page URL: Security reports for NextGEN Gallery Voting
Application: NextGEN Gallery Voting
Date: -
Research Description: NextGEN Gallery Voting [nextgen-gallery-voting] <= 2.7.6 (unfixed + closed) CVE-2025-28869
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 488bd710de9089b64a6d30cba806517c0fb9fdf5
Home page URL: Security reports for NextGEN Gallery Voting
Application: NextGEN Gallery Voting
Date: Dec 17, 2014
Research Description: NextGEN Gallery Voting [nextgen-gallery-voting] < 2.7.6 NextGEN Gallery Voting <= 2.7.5 - Authenticated (Admin+) SQL Injection The NextGEN Gallery Voting plugin for WordPress is vulnerable to SQL Injection via the 'nggv[limit]' parameter in versions up to, and including, [up to affected version] due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: Min -, max -.
Status: vulnerable