The NextGEN Gallery plugin for WordPress, which includes features such as Photo Gallery, Sliders, Proofing, and Themes, has a security vulnerability in all versions up to 3.59.8. This vulnerability allows attackers with administrator-level permissions to insert harmful web scripts into pages that will run whenever a user visits those pages. This only affects sites with multiple installations and where unfiltered_html is turned off.