[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpX1-o_NBhGlaUwZ3S01g4rdBJnFAtvvb92l1XPSh6JU":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-a67eb1fc-4762-4bdc-b0a0-c043c36659d0-nextgen-gallery","nextgen-gallery-php-object-injection","NextGen Gallery \u003C= 3.1.5 - PHP Object Injection","The NextGen Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.1.5. This is due to the plugin unserializing serialized data obtained via user supplied input from the `sortorder` parameter. This makes it possible for authenticated attackers to call arbitrary PHP Objects and achieve remote code execution when the right gadgets are available.","nextgen-gallery",null,"\u003C=3.1.5","3.1.6","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Deserialization of Untrusted Data","2019-02-04 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa67eb1fc-4762-4bdc-b0a0-c043c36659d0?source=api-prod",1814]