CVE-2010-1186

Exp

Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

Published: 2010-04-07 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2010-1186 is rated High Exploit Risk (67.6/100): CVSS Medium severity, with high exploitation likelihood (EPSS 4.73%, 91th percentile). Core evidence: 3 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +3.63% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2010-1186

EDB-ID Source Kind Published Link
12098 exploit_db edb 2010-04-06 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2010-1186

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 1.10% 4.73% +3.63%
2 2026-04-23 0.81% 1.10% +0.29%
3 2025-12-28 0.81%

Full EPSS history (18 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-1186

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
8.6 2.9 [email protected]

Weakness enumeration for CVE-2010-1186

Affected software / configurations for CVE-2010-1186

Vendor Product Version Raw CPE
alex_rabe nextgen_gallery <= 1.5.1 cpe:2.3:a:alex_rabe:nextgen_gallery:*:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.33 cpe:2.3:a:alex_rabe:nextgen_gallery:0.33:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.34 cpe:2.3:a:alex_rabe:nextgen_gallery:0.34:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.35 cpe:2.3:a:alex_rabe:nextgen_gallery:0.35:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.36 cpe:2.3:a:alex_rabe:nextgen_gallery:0.36:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.37 cpe:2.3:a:alex_rabe:nextgen_gallery:0.37:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.39 cpe:2.3:a:alex_rabe:nextgen_gallery:0.39:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.40 cpe:2.3:a:alex_rabe:nextgen_gallery:0.40:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.41 cpe:2.3:a:alex_rabe:nextgen_gallery:0.41:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.42 cpe:2.3:a:alex_rabe:nextgen_gallery:0.42:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.43 cpe:2.3:a:alex_rabe:nextgen_gallery:0.43:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.50 cpe:2.3:a:alex_rabe:nextgen_gallery:0.50:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.51 cpe:2.3:a:alex_rabe:nextgen_gallery:0.51:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.52 cpe:2.3:a:alex_rabe:nextgen_gallery:0.52:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.60 cpe:2.3:a:alex_rabe:nextgen_gallery:0.60:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.61 cpe:2.3:a:alex_rabe:nextgen_gallery:0.61:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.62 cpe:2.3:a:alex_rabe:nextgen_gallery:0.62:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.63 cpe:2.3:a:alex_rabe:nextgen_gallery:0.63:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.64 cpe:2.3:a:alex_rabe:nextgen_gallery:0.64:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.70 cpe:2.3:a:alex_rabe:nextgen_gallery:0.70:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.71 cpe:2.3:a:alex_rabe:nextgen_gallery:0.71:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.72 cpe:2.3:a:alex_rabe:nextgen_gallery:0.72:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.73 cpe:2.3:a:alex_rabe:nextgen_gallery:0.73:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.74 cpe:2.3:a:alex_rabe:nextgen_gallery:0.74:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.80 cpe:2.3:a:alex_rabe:nextgen_gallery:0.80:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.81 cpe:2.3:a:alex_rabe:nextgen_gallery:0.81:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.82 cpe:2.3:a:alex_rabe:nextgen_gallery:0.82:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.83 cpe:2.3:a:alex_rabe:nextgen_gallery:0.83:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.90 cpe:2.3:a:alex_rabe:nextgen_gallery:0.90:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.91 cpe:2.3:a:alex_rabe:nextgen_gallery:0.91:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.92 cpe:2.3:a:alex_rabe:nextgen_gallery:0.92:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.93 cpe:2.3:a:alex_rabe:nextgen_gallery:0.93:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.94 cpe:2.3:a:alex_rabe:nextgen_gallery:0.94:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.95 cpe:2.3:a:alex_rabe:nextgen_gallery:0.95:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.96 cpe:2.3:a:alex_rabe:nextgen_gallery:0.96:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.97 cpe:2.3:a:alex_rabe:nextgen_gallery:0.97:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.98 cpe:2.3:a:alex_rabe:nextgen_gallery:0.98:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 0.99 cpe:2.3:a:alex_rabe:nextgen_gallery:0.99:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.0.0 cpe:2.3:a:alex_rabe:nextgen_gallery:1.0.0:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.0.1 cpe:2.3:a:alex_rabe:nextgen_gallery:1.0.1:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.0.2 cpe:2.3:a:alex_rabe:nextgen_gallery:1.0.2:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.1.0 cpe:2.3:a:alex_rabe:nextgen_gallery:1.1.0:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.2.0 cpe:2.3:a:alex_rabe:nextgen_gallery:1.2.0:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.2.1 cpe:2.3:a:alex_rabe:nextgen_gallery:1.2.1:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.3.0 cpe:2.3:a:alex_rabe:nextgen_gallery:1.3.0:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.3.1 cpe:2.3:a:alex_rabe:nextgen_gallery:1.3.1:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.3.2 cpe:2.3:a:alex_rabe:nextgen_gallery:1.3.2:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.3.3 cpe:2.3:a:alex_rabe:nextgen_gallery:1.3.3:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.3.4 cpe:2.3:a:alex_rabe:nextgen_gallery:1.3.4:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.3.5 cpe:2.3:a:alex_rabe:nextgen_gallery:1.3.5:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.3.6 cpe:2.3:a:alex_rabe:nextgen_gallery:1.3.6:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.4.0 cpe:2.3:a:alex_rabe:nextgen_gallery:1.4.0:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.4.1 cpe:2.3:a:alex_rabe:nextgen_gallery:1.4.1:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.4.2 cpe:2.3:a:alex_rabe:nextgen_gallery:1.4.2:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.4.3 cpe:2.3:a:alex_rabe:nextgen_gallery:1.4.3:*:*:*:*:*:*:*
alex_rabe nextgen_gallery 1.5.0 cpe:2.3:a:alex_rabe:nextgen_gallery:1.5.0:*:*:*:*:*:*:*

References for CVE-2010-1186

cvelogic Threat Intelligence