Description
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
Published: 2026-03-18
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Authenticated Local File Inclusion/Code Execution
Action: Apply Patch
AI Analysis

Impact

The NextGEN Gallery plugin for WordPress contains a Local File Inclusion vulnerability in the 'template' parameter of gallery shortcodes. Authenticated attackers with Author-level access can force the plugin to include and execute arbitrary .php files stored on the server. This can lead to execution of any PHP code, enabling bypass of access controls, theft of sensitive data, or full code execution where .php uploads are permitted. The weakness corresponds to CWE-98.

Affected Systems

This issue affects the NextGEN Gallery plugin (vendor smub) for WordPress in all versions up to and including 4.0.3, as documented in the vendor references. WordPress sites running the affected plugin with users holding the Author role or higher are at risk.

Risk and Exploitability

The CVSS score is 8.8, indicating high severity. EPSS is not available; KEV is not listed. Exploitation requires authenticated access: an attacker must hold the Author role or higher. With such credentials, the attacker can supply a crafted 'template' value to include arbitrary PHP, potentially leading to server-side code execution. Administrators should treat this as high risk because of the local code execution capability.

Generated by OpenCVE AI on March 18, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NextGEN Gallery to the latest available version that addresses the LFI issue.
  • If an upgrade is not immediately possible, restrict Author and higher role access, or disable the shortcodes that use the 'template' parameter.
  • Ensure that the server’s file upload restrictions prevent arbitrary .php files from being stored in locations that can be included.
  • Monitor the WordPress installation for unauthorized file uploads or attempted code execution.

Generated by OpenCVE AI on March 18, 2026 at 18:21 UTC.
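The CWE-98 pattern behind this CVE is a shortcode attribute that reaches include() without validation. The resolver below is an added illustration of the mitigation, not code from NextGEN Gallery; the templates directory, the function names and the shortcode handler are assumed for the example.

```php
<?php
// Added example: hardened resolution of a shortcode 'template' attribute.
// Assumed layout: templates live as <plugin>/templates/<name>.php.
const TEMPLATE_DIR = __DIR__ . '/templates';

/**
 * Map a 'template' attribute to a .php file that is guaranteed to sit inside
 * TEMPLATE_DIR, or return null. Never pass the raw attribute to include().
 */
function resolve_gallery_template(string $template): ?string
{
    // 1. Syntactic allowlist: a bare name only. Rejects '/', '\', '.', NUL
    //    and stream wrappers such as php:// before any filesystem access.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $template)) {
        return null;
    }

    // 2. The directory and the extension are fixed by the code, not the caller.
    $candidate = TEMPLATE_DIR . '/' . $template . '.php';

    // 3. Canonicalise; realpath() returns false when the file does not exist.
    $real = realpath($candidate);
    $base = realpath(TEMPLATE_DIR);
    if ($real === false || $base === false || !is_file($real)) {
        return null;
    }

    // 4. Containment check on the canonical path (covers symlinks that point
    //    outside the template directory).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Illustrative shortcode handler (assumed name): unknown templates render
// nothing instead of including whatever path the attribute named.
function render_gallery_shortcode(array $atts): string
{
    $path = resolve_gallery_template((string) ($atts['template'] ?? 'default'));
    if ($path === null) {
        return '';
    }
    ob_start();
    include $path;
    return (string) ob_get_clean();
}
```

Because step 1 rejects every character needed for traversal or a wrapper URL, an attribute such as '../../wp-config' fails before realpath() is consulted; step 4 remains as defence in depth for symlinked entries inside the directory.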

Advisories

No advisories yet.

History

Thu, 19 Mar 2026 15:15:00 +0000

Metrics (values added): ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 09:45:00 +0000

First Time appeared (values added): Smub; Smub photo Gallery, Sliders, Proofing And Themes – Nextgen Gallery; Wordpress; Wordpress wordpress
Vendors & Products (values added): Smub; Smub photo Gallery, Sliders, Proofing And Themes – Nextgen Gallery; Wordpress; Wordpress wordpress

Wed, 18 Mar 2026 17:00:00 +0000

Description (values added): The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via the 'template' parameter in gallery shortcodes. This makes it possible for authenticated attackers, with Author-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
Title (values added): Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery <= 4.0.4 - Authenticated (Author+) Local File Inclusion
Weaknesses (values added): CWE-98
References
Metrics (values added): cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:44:12.729Z

Reserved: 2026-01-27T06:46:59.960Z

Link: CVE-2026-1463

Vulnrichment

Updated: 2026-03-19T14:50:13.912Z

NVD

Status : Awaiting Analysis

Published: 2026-03-18T17:16:05.510

Modified: 2026-03-19T13:25:00.570

Link: CVE-2026-1463

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:58:33Z

Weaknesses