• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

WordPress NextGEN Gallery Plugin <= 0.96 - XSS Vulnerability

T

Tinpeas

New Pleskian
Server operating system version
AlmaLinux 8.9 (Midnight Oncilla)
Plesk version and microupdate number
18.0.60
Hi Guys

This evening WordPress Toolkit is reporting an issue with the WordPress NextGEN Gallery Plugin, I think this is a false positive.

This vulnerability was reported in 2008, the version with the issue is 0.96 and 0.97 fixed it. For reference: WordPress NextGEN Gallery Plugin <= 0.96 - XSS - Patchstack

The NextGEN Gallery Plugin is now on version 3.59.3. I think this issue is because Wordfence updated the date on there page about it today.

I currently have 9 temporarily broken websites due to plugin deactivation, can you advise please?

These reports seem to be getting worse since the Wordfence feed got introduced.

Thanks in advance for your help.

Cheers

Gary
 
You must log in or register to reply here.

Similar threads

T
Resolved WordPress Toolkit Reporting Incorrect Risk Levels Again
Replies
5
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
C
Can I stop Plesk creating tickets to Cloudlinux
Replies
11
Views
2K
Change Maker
C
D
Resolved problem with alert about a vulnerability in a plugin that's already fixed
Replies
1
Views
1K
Daniel-spain
D
Rene van Lieshout
Question WordPress Vulnerabilities -> No updates available
Replies
11
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
A
Facing issue with wordpress plugins because of server security
Replies
3
Views
4K
Peter Debik
P
Back
Top