• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

WordPress NextGEN Gallery Plugin <= 0.96 - XSS Vulnerability

Tinpeas

New Pleskian
Server operating system version
AlmaLinux 8.9 (Midnight Oncilla)
Plesk version and microupdate number
18.0.60
Hi Guys

This evening WordPress Toolkit is reporting an issue with the WordPress NextGEN Gallery Plugin, I think this is a false positive.

This vulnerability was reported in 2008, the version with the issue is 0.96 and 0.97 fixed it. For reference: WordPress NextGEN Gallery Plugin <= 0.96 - XSS - Patchstack

The NextGEN Gallery Plugin is now on version 3.59.3. I think this issue is because Wordfence updated the date on there page about it today.

I currently have 9 temporarily broken websites due to plugin deactivation, can you advise please?

These reports seem to be getting worse since the Wordfence feed got introduced.

Thanks in advance for your help.

Cheers

Gary
 
Back
Top