• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

WordPress NextGEN Gallery Plugin <= 0.96 - XSS Vulnerability

Tinpeas

New Pleskian
Server operating system version
AlmaLinux 8.9 (Midnight Oncilla)
Plesk version and microupdate number
18.0.60
Hi Guys

This evening WordPress Toolkit is reporting an issue with the WordPress NextGEN Gallery Plugin, I think this is a false positive.

This vulnerability was reported in 2008, the version with the issue is 0.96 and 0.97 fixed it. For reference: WordPress NextGEN Gallery Plugin <= 0.96 - XSS - Patchstack

The NextGEN Gallery Plugin is now on version 3.59.3. I think this issue is because Wordfence updated the date on there page about it today.

I currently have 9 temporarily broken websites due to plugin deactivation, can you advise please?

These reports seem to be getting worse since the Wordfence feed got introduced.

Thanks in advance for your help.

Cheers

Gary
 
Back
Top