Description
WordPress Plugin NextGEN Gallery-WordPress Gallery is prone to multiple HTML injection vulnerabilities because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks may also be possible. WordPress Plugin NextGEN Gallery-WordPress Gallery version 1.9.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.9.1 or the latest version.