WordPress.org

Support

Support » Plugins and Hacks » swfupload Cross-Site Scripting Vulnerability

swfupload Cross-Site Scripting Vulnerability

  • I have been getting alerts over the last few days about Nextgen Gallery having a security vulnerability. According to this site:

    A vulnerability has been discovered in the NextGEN Gallery plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
    The vulnerability is caused due to a bundled vulnerable version of swfupload.

    You can see more about it here:
    http://secunia.com/advisories/51271/
    However, these warnings were posted only a day after 11/13/12, when a new update of NextGen Gallery was released (see here). According to the changelog:

    Removed bundled version of swfupload

    So why are these alerts appearing now, after the bundled version of swfupload was supposedly removed?

  • The topic ‘swfupload Cross-Site Scripting Vulnerability’ is closed to new replies.