The NextGEN Gallery plugin for WordPress, which includes features like Photo Gallery, Sliders, Proofing, and Themes, has a security vulnerability. This vulnerability allows attackers with administrator-level permissions to inject harmful web scripts into pages that will run whenever a user visits the page. This vulnerability only affects multi-site installations and installations where a specific security setting has been disabled.