The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress has a security vulnerability in versions up to 3.38. If someone with administrator-level access were to use the ‘Select View’ feature in the plugin’s developer tools, they could include and execute files on the server. This could be used to get access to sensitive data, bypass access controls, or even execute code. This is possible because the plugin allows images and other “safe” file types to be uploaded and included.
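Because an included file is parsed as PHP whatever its extension, one defensive check is to audit the uploads directory for "safe" file types that contain a PHP opening tag. The sketch below is an added example, not code from the plugin or its vendor; the extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed list of extensions an upload filter treats as "safe".
SAFE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".webp", ".txt"}

# PHP's include parses any file regardless of extension, so an opening tag
# anywhere in the bytes is what matters. "<?=" is three bytes and can occur
# by chance in compressed image data, so those hits need manual review.
PHP_OPEN_TAG = re.compile(rb"<\?(?:php(?=\s)|=)", re.IGNORECASE)

def scan_file(path):
    """Return (offset, tag) for the first PHP opening tag in the file, else None."""
    with open(path, "rb") as fh:
        match = PHP_OPEN_TAG.search(fh.read())
    if match is None:
        return None
    return match.start(), match.group(0).decode("ascii").lower()

def scan_uploads(root):
    """Walk root and report safe-extension files that contain a PHP opening tag."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in SAFE_EXTENSIONS:
                continue
            hit = scan_file(os.path.join(dirpath, name))
            if hit is not None:
                findings.append((name, hit[0], hit[1]))
    return findings

def demo():
    """Build a constructed uploads tree (sample data, not real files) and scan it."""
    gif_header = b"GIF89a\x01\x00\x01\x00\x00\x00\x00"
    samples = {
        "clean.gif": gif_header + b";",
        # XMP metadata uses "<?xpacket", which must not be flagged as PHP.
        "xmp.jpg": b"\xff\xd8\xff\xe1<?xpacket begin='' ?>\xff\xd9",
        "tagged.gif": gif_header + b"<?php /* constructed marker */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_uploads(root)

if __name__ == "__main__":
    for name, offset, tag in demo():
        print(f"{name}: PHP tag {tag!r} at byte {offset}")
```

A hit is a reason to inspect the file, not proof of compromise; point `scan_uploads` at the site's real uploads path to run it outside the demo.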