Just wanted to follow up. We're wondering if there may be two issues going on here. The iframe issue clearly seems to be hack. But we also know some users are getting malware notifications because of some old code linking to a NextGEN donor site that has since been hacked (http://wordpress.org/support/topic/plugin-nextgen-gallery-_transient_ngg_request-entry-in-wp_options?replies=15).
We want to confirm whether the malware notices described above are related to or are separate from your original iframe hacking issue.
@toonmstr1 - can you try the solution we suggested in the thread above to see if that removes your malware notifications. If it does, it just means the malware notifications are related to hacked donor site in that thread, and don't represent a serious threat.
@kcharity - can you confirm that you're seeing the same iframe issue as @toonmstr1 originally described, vs just seeing malware notifications? If you are seeing that issue, you'll probably want to do as @toonmstr1 did and delete your NextGEN Gallery plugin files to remove the hack.
Unfortunately, even if you are seeing the same hack, there's no obvious reason to assume that hack used a vulnerability within NextGEN code. It's just as likely that the symptom could be found in the NextGEN code but the problem rooted elsewhere. We'd need to have some kind of more specific information that would help us pinpoint a genuine vulnerability in NextGEN.
If @toonmstr1 removes his malware notifications by following the directions in the thread, that means that any malware notifications aren't related to a security vulnerability either.
The one thing that would really suggest a problem is if @toonmstr1 goes through the solution in that thread, and still finds that malware notifications still appear only when NextGEN Gallery is activated.
Thanks. If you have any other information that's useful for us, let us know.