Two Cross-Site Request Forgery (CSRF) vulnerabilities were discovered in NextGen Gallery, a WordPress plugin installed in over 800,000 WordPress websites. Malicious attackers could potentially exploit these vulnerabilities leading to a site takeover, malicious redirects, spam injection, phishing, and much more.
A security patch has since been released to address these vulnerabilities.
For more information, please check the official public release.
If you have questions, don’t hesitate to contact our support team.