WordPress security flaws: 800,000 sites running NextGen Gallery plugin potentially vulnerable to pwnage

Unpatched sites could get pwned – but admins must fall for social engineering

Users of NextGEN Gallery, the image management plugin for WordPress, have been urged to update their websites after the discovery of serious cross-site request forgery (CSRF) vulnerabilities.

The more serious of the two flaws found by security researchers – each residing in separate functions – could lead to remote code execution (RCE) and stored cross-site scripting (XSS).

As a result, attackers could take control of a website, inject it with spam links, or redirect…

