NextGEN Gallery
swfupload Cross-Site Scripting Vulnerability (1 post)

  1. tconner
    Posted 3 years ago #

    I have been getting alerts over the last few days about Nextgen Gallery having a security vulnerability. According to this site:

    A vulnerability has been discovered in the NextGEN Gallery plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
    The vulnerability is caused due to a bundled vulnerable version of swfupload.

    You can see more about it here:
    However, these warnings were posted only a day after 11/13/12, when a new update of NextGen Gallery was released (see here). According to the changelog:

    Removed bundled version of swfupload

    So why are these alerts appearing now, after the bundled version of swfupload was supposedly removed?

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • NextGEN Gallery
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic