The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is a vulnerable piece of software. All versions up to, and including, 3.38 have a security issue that allows attackers with administrative-level access or higher to inject a malicious code. This code can be used to delete files, access sensitive data, or execute instructions. There is no protection in place on the vulnerable plugin itself, and if another plugin or theme is installed on the target system, the malicious code could become more powerful.