1. Erick Danzer

    Hey Jeff – thanks for sharing this. Now that the vulnerability is announced, the more people see it and update the better. Thanks for including my note as well.

    One quick point: while the vulnerability is a serious one, it only affects NextGEN tag cloud displays. Those are the least commonly used NextGEN display. I’d estimate that the vulnerability affects less than 5% of NextGEN installs, probably less than 1%.

    Even so, we’d rather have people update quickly.

    Erick (CEO, Imagely)


  2. Suanlian Tangpua

    Sad news... but thanks for sharing it.


  3. Neo

    Again, I believe the Sucuri team should have kept their mouth shut until NextGEN confirms that most of their websites are updated and added it to the update list. By bringing this into the open they again are responsible for websites getting hacked, like they did with the REST API leak in WP 4.7.1 and below and with the RevSlider 4.2.0 and below.

    Their eagerness to be first with such news is bad for websites using the NextGEN plugin. NextGEN had a very good reason not to list this in the update buglist overview.


    • Miroslav Glavic

      Neo, how can sites be updated if the owners/admins don’t know about it?

      I certainly don’t want NextGen, WordPress or any other theme/plugin author to do an automatic update. I turned those updates off on ALL my sites.

      Nothing against NextGen Gallery, I used that plugin for many years, before current owners.


  4. John Locke

    I had a couple of clients with NextGEN on their sites. News like this helped me update their sites quickly and keep them safe from this vulnerability.

