The NextGEN Gallery plugin for WordPress, which allows users to create photo galleries, has a security vulnerability that could allow hackers to inject harmful code into the plugin’s settings. This could potentially affect any version up to 3.59 and could only be exploited by authenticated attackers with high-level permissions. It mainly affects multi-site installations and those with unfiltered_html disabled.