• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

WordPress NextGEN Gallery Plugin <= 0.96 - XSS Vulnerability

T

Tinpeas

New Pleskian
Server operating system version
AlmaLinux 8.9 (Midnight Oncilla)
Plesk version and microupdate number
18.0.60
Hi Guys

This evening WordPress Toolkit is reporting an issue with the WordPress NextGEN Gallery Plugin, I think this is a false positive.

This vulnerability was reported in 2008, the version with the issue is 0.96 and 0.97 fixed it. For reference: WordPress NextGEN Gallery Plugin <= 0.96 - XSS - Patchstack

The NextGEN Gallery Plugin is now on version 3.59.3. I think this issue is because Wordfence updated the date on there page about it today.

I currently have 9 temporarily broken websites due to plugin deactivation, can you advise please?

These reports seem to be getting worse since the Wordfence feed got introduced.

Thanks in advance for your help.

Cheers

Gary
 
You must log in or register to reply here.

Similar threads

T
Issue WordPress Toolkit Reporting on Fixed Issue
Replies
2
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
K
WordPress Breakdance plugin <= 1.7.2 - Authenticated Remote Code Execution (RCE) vulnerability
Replies
4
Views
2K
KNEET
K
T
Resolved WordPress Toolkit Reporting Incorrect Risk Levels Again
Replies
5
Views
5K
Sebahat.hadzhi
Sebahat.hadzhi
D
Can I stop Plesk creating tickets to Cloudlinux
Replies
11
Views
5K
Deleted member 190352
D
D
Resolved problem with alert about a vulnerability in a plugin that's already fixed
Replies
1
Views
3K
Daniel-spain
D
Back
Top