The NextGEN Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to and including 3.37. An attacker can trick a site administrator into clicking a link that dismisses notices without the administrator’s knowledge. The flaw exists because the plugin fails to validate certain information correctly.
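
The standard WordPress defence against this class of bug is a nonce bound to the action and checked before any state change. The sketch below is an added example, not NextGEN Gallery's code or its actual fix; the handler, the user-meta key and every `example_` name are hypothetical.

```php
<?php
/**
 * Plugin Name: Example notice dismissal with CSRF protection
 * Hypothetical handler; all "example_" names are assumptions, not NextGEN Gallery code.
 */

// Vulnerable pattern, kept as a comment for contrast: the handler changes state
// on any request from a logged-in user, with nothing proving the user meant to send it.
//
// add_action( 'admin_post_example_dismiss_notice', function () {
//     update_user_meta( get_current_user_id(), 'example_dismissed_' . $_GET['notice'], 1 );
// } );

// Hardened pattern: capability check plus a nonce bound to this action and notice.
add_action( 'admin_post_example_dismiss_notice', 'example_dismiss_notice' );

function example_dismiss_notice() {
    $notice = isset( $_GET['notice'] ) ? sanitize_key( wp_unslash( $_GET['notice'] ) ) : '';

    if ( '' === $notice || ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }

    // Ends the request with a 403 if _wpnonce is missing, expired,
    // or was issued for a different user or action.
    check_admin_referer( 'example_dismiss_' . $notice );

    update_user_meta( get_current_user_id(), 'example_dismissed_' . $notice, 1 );

    $back = wp_get_referer();
    wp_safe_redirect( $back ? $back : admin_url() );
    exit;
}

// Build the dismiss link so it carries the nonce the handler expects.
function example_dismiss_url( $notice ) {
    $notice = sanitize_key( $notice );
    $url    = add_query_arg(
        array( 'action' => 'example_dismiss_notice', 'notice' => $notice ),
        admin_url( 'admin-post.php' )
    );
    return wp_nonce_url( $url, 'example_dismiss_' . $notice );
}
```

Because the nonce is derived from the logged-in user's session, a link prepared by a third party cannot carry a valid `_wpnonce`, and the handler rejects the request before touching any data.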