Description
WordPress Plugin NextGEN Gallery-WordPress Gallery is prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. WordPress Plugin NextGEN Gallery-WordPress Gallery version 0.96 is vulnerable; other versions may also be affected.
Remediation
Update to the latest version
References
Related Vulnerabilities
PostgreSQL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2020-25694)
Atlassian Confluence Asymmetric Resource Consumption (Amplification) Vulnerability (CVE-2025-22166)
MediaWiki CVE-2021-42049 Vulnerability (CVE-2021-42049)
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2020-11067)