• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

WordPress NextGEN Gallery Plugin <= 0.96 - XSS Vulnerability

T

Tinpeas

New Pleskian
Server operating system version
AlmaLinux 8.9 (Midnight Oncilla)
Plesk version and microupdate number
18.0.60
Hi Guys

This evening WordPress Toolkit is reporting an issue with the WordPress NextGEN Gallery Plugin, I think this is a false positive.

This vulnerability was reported in 2008, the version with the issue is 0.96 and 0.97 fixed it. For reference: WordPress NextGEN Gallery Plugin <= 0.96 - XSS - Patchstack

The NextGEN Gallery Plugin is now on version 3.59.3. I think this issue is because Wordfence updated the date on there page about it today.

I currently have 9 temporarily broken websites due to plugin deactivation, can you advise please?

These reports seem to be getting worse since the Wordfence feed got introduced.

Thanks in advance for your help.

Cheers

Gary
 
You must log in or register to reply here.

Similar threads

T
Resolved WordPress Toolkit Reporting Incorrect Risk Levels Again
Replies
5
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
C
Can I stop Plesk creating tickets to Cloudlinux
Replies
11
Views
2K
Change Maker
C
D
Resolved problem with alert about a vulnerability in a plugin that's already fixed
Replies
1
Views
2K
Daniel-spain
D
Rene van Lieshout
Question WordPress Vulnerabilities -> No updates available
Replies
11
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
A
Facing issue with wordpress plugins because of server security
Replies
3
Views
4K
Peter Debik
P
Back
Top