Log out
Get PRO

Latest

Input validation vulnerability in WordPress Gallery Plugin – NextGEN Gallery 1.9.7

  • Severity: medium-risk
  • Status: Fixed
  • Publication: June 14, 2012

The NextGen Gallery plugin for WordPress is vulnerable to a type of cyber attack known as Reflected Cross-Site Scripting. This type of attack occurs when a hacker is able to embed malicious code into a page viewed by a user. In this case, vulnerable versions of the NextGen Gallery plugin up to and including 1.9.7 are susceptible to this attack, as the plugin does not properly sanitize input or escape output, making it easy for hackers to trick users into clicking on a malicious link or performing an action.

Detected in:

NextGEN Gallery – Create an Amazing Photo Gallery in Seconds fixed vulnerable versions:
Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery fixed vulnerable versions:
WordPress Gallery Plugin – NextGEN Gallery fixed vulnerable versions: >= * <= 1.9.7

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.