A French forum is reporting a security flaw in this plugin.
Could you tell me the reality about that?
Hi,
Could you kindly post a link to that forum thread?
Best regards
bee
Hi, thanks for your quick answer, here it is:
http://www.wordpress-fr.net/support/sujet-14850-alerte-faille-securite-nextgen-gallery-inferieures (in French)
Inside that thread there is a link to http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/ (in English)!
I follow you, thanks.
Hi,
The information source is http://blogsecurity.net/wordpress/nextgen-gallery-xss-flaw/
The French forum thread is
http://www.wordpress-fr.net/support/viewtopic.php?pid=82612#p82612
Regards
Hi,
This has already been discussed on Alex's page (which is currently offline, moving), and it's a question of whether to define this as a security problem, since you have to be logged in to the WP backend as admin, as he said. If you are, you can do everything you like anyway, putting malicious code anywhere. So to me it seems not to be a security issue.
Best regards
bee
An author/editor/admin who has the rights/capabilities to edit galleries can enter any malicious script code inside the description field of a picture.
So if you grant access to your blog to people you can't trust, it's better not to use NextGEN Gallery. For me this is not a security problem, because the same can happen in any post/page... And nobody claims this as an XSS.
I'm open to any criticism on this point.
This topic has been closed to new replies.
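The thread turns on which users may store markup in a picture description. WordPress core gates raw HTML in post content on the `unfiltered_html` capability; the sketch below applies the same gate to a description field. It is an added example, not code from this thread or from NextGEN Gallery: the `nggx_` function names are hypothetical, and it assumes it runs inside WordPress as part of a plugin.

```php
<?php
// Added example; the nggx_* names are hypothetical and not part of NextGEN Gallery.
// Assumes a WordPress plugin context (current_user_can, wp_kses_post, etc. are core functions).

/**
 * Sanitize a picture description before it is stored.
 *
 * Users holding 'unfiltered_html' keep their markup unchanged. Everyone
 * else is reduced to the post-content allow-list, which drops <script>
 * elements and on* event-handler attributes.
 *
 * @param string $raw Description as received from the request (still slashed).
 * @return string     Value that is safe to store for this user.
 */
function nggx_sanitize_description( $raw ) {
    $raw = wp_unslash( $raw );

    if ( current_user_can( 'unfiltered_html' ) ) {
        return $raw;
    }

    return wp_kses_post( $raw );
}

/**
 * Render a stored description inside an HTML attribute (alt or title).
 *
 * No markup is meaningful in an attribute, so tags are removed and the
 * remainder is escaped regardless of who saved the value.
 *
 * @param string $stored Description as read back from the database.
 * @return string        Attribute-safe text.
 */
function nggx_description_for_attribute( $stored ) {
    return esc_attr( wp_strip_all_tags( $stored ) );
}
```

Filtering at save time covers new input only; descriptions stored before such a filter existed still need escaping or filtering where they are output.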