XSS Vulnerability in NextGEN Gallery WordPress Plugin


"An XSS[1] vulnerability has been discovered in NextGEN Gallery[2], a
very popular and commonly used plugin for the WordPress content
management system commonly found as a blogging platform. This
vulnerability results from reflected unsanitized input that can be
crafted into an attack by a malicious user by manipulating the mode
parameter of the xml/media-rss.php script."

Vulnerable packages

* NextGEN Gallery 1.5.0
* NextGEN Gallery 1.5.1
* Older versions are probably affected too, but they were not checked.

Non-vulnerable packages

* NextGEN Gallery 1.5.2

WordPress users who run NextGEN Gallery should update to v1.5.2.
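
For sites that ran 1.5.0 or 1.5.1, web server access logs can be checked for requests that put markup into the mode parameter. The following is an added example, not code from the advisory or the plugin: it assumes combined-format access logs, a hypothetical install path, and that a legitimate mode value is a short identifier; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate mode value is a short identifier (letters, digits, "_", "-").
SAFE_MODE = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET = "xml/media-rss.php"  # script named in the advisory

def suspicious_mode_values(line):
    """Return the decoded mode values in one log line that fail the allowlist."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(TARGET):
        return []
    # parse_qs percent-decodes once; a double-encoded value still contains "%"
    # after decoding and therefore also fails the allowlist.
    modes = parse_qs(url.query, keep_blank_values=True).get("mode", [])
    return [v for v in modes if v and not SAFE_MODE.fullmatch(v)]

def scan(lines):
    """Return (client_ip, decoded_value) for every suspicious request."""
    hits = []
    for line in lines:
        for value in suspicious_mode_values(line):
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample lines: documentation IP ranges, hypothetical install path,
# made-up dates and parameter values.
PREFIX = "/wp-content/plugins/nextgen-gallery/"
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2010:10:00:00 +0000] "GET ' + PREFIX
    + 'xml/media-rss.php?mode=gallery&gid=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET ' + PREFIX
    + 'xml/media-rss.php?mode=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 80',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] "GET /index.php?mode=%3Cb%3E HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent mode={value!r} to {TARGET}")
```

A hit shows that a crafted URL was requested, not that a victim's browser executed anything; treat it as a lead for reviewing referrers and sessions around the same time.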