NextGEN Gallery by Imagely <= 3.28 - Thumbnail Modification via CSRF
LANACOMMONVDB ID: f963f9c9-0e35-4ffd-bd6d-125bb7d8ada5
The plugin does not have Cross-Site Request Forgery (CSRF) check when modify the thumbnail, which could allow attackers to make logged in users with the edit_post capability to perform such action via a Cross-Site Request Forgery (CSRF) attack.