WordPress NextGEN Gallery Plugin <= 1.5.1 - XSS Vulnerability

nextgen-gallery

Software
NextGEN Gallery
Versions
<= 1.5.1
Disclosure date
2010-04-06
CVE
CVE-2010-1186
References
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A3: Cross Site Scripting (XSS)


Details

The NextGEN Gallery plugin is prone to a cross-site scripting vulnerability. It is a very popular plugin for the WordPress content management system, which is most often used as a blogging platform. The vulnerability lies in the handling of the mode parameter of the xml/media-rss.php script: the value is reflected without sanitization, so a malicious user can craft a request that turns the unsanitized input into an attack.
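The reflected-parameter pattern described above, shown as an added illustration in plain PHP. This is not NextGEN Gallery's code and not the actual vulnerable routine; only the parameter name `mode` comes from the advisory. The feed structure, the allowed-mode list, and the function names are hypothetical. The weak form writes the query value straight into the XML body; the hardened form whitelists the value, entity-encodes anything it echoes, and sends a content type that keeps browsers from interpreting the response as HTML.

```php
<?php
// Added illustration (not NextGEN Gallery's code): a minimal RSS endpoint that
// reflects a "mode" query parameter. The parameter name is taken from the
// advisory; the feed layout and the allowed modes below are hypothetical.

// Weak form: the raw parameter is concatenated into the XML body. A value that
// contains markup is emitted verbatim, which is the root cause of reflected XSS.
function render_feed_unsafe(string $mode): string
{
    return "<?xml version=\"1.0\"?>\n<rss><channel>"
         . "<title>Gallery feed (mode: " . $mode . ")</title>"
         . "</channel></rss>";
}

// Hardened form, step 1: accept only the modes the endpoint actually supports
// and fall back to a default for anything else (hypothetical list).
const ALLOWED_MODES = ['main', 'album', 'gallery'];

function normalize_mode(string $mode): string
{
    return in_array($mode, ALLOWED_MODES, true) ? $mode : 'main';
}

// Hardened form, step 2: entity-encode whatever is echoed, using XML-aware
// encoding so the output stays well-formed XML and cannot introduce elements.
function xml_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_XML1, 'UTF-8');
}

function render_feed_safe(string $mode): string
{
    $mode = xml_escape(normalize_mode($mode));
    return "<?xml version=\"1.0\"?>\n<rss><channel>"
         . "<title>Gallery feed (mode: " . $mode . ")</title>"
         . "</channel></rss>";
}

if (PHP_SAPI !== 'cli') {
    // Hardened form, step 3: declare the real content type and forbid sniffing,
    // so a browser does not render the feed body as HTML.
    header('Content-Type: application/rss+xml; charset=UTF-8');
    header('X-Content-Type-Options: nosniff');
    echo render_feed_safe($_GET['mode'] ?? 'main');
} else {
    // Constructed probe value, used only to show the difference locally.
    $probe = '"><b>injected</b>';
    echo "unsafe:     ", render_feed_unsafe($probe), "\n";   // markup passes through
    echo "normalized: ", normalize_mode($probe), "\n";       // "main"
    echo "escaped:    ", xml_escape($probe), "\n";           // &quot;&gt;&lt;b&gt;injected&lt;/b&gt;
    echo "safe:       ", render_feed_safe($probe), "\n";
}
```

Run it from the command line (`php feed.php`) to compare the four outputs, or behind a web server to see the headers in effect. The whitelist alone would already neutralize this particular probe; the escaping is kept as defense in depth for any field that must echo free-form text, and the content-type headers remove the browser-side condition that turns reflected XML into executable HTML.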

Solution

Update the plugin. As a client-side mitigation, you can also use a browser other than Internet Explorer (for example, Google Chrome, Mozilla Firefox, Opera, or Apple Safari).
