Moderately critical flaws were discovered in NextGEN Gallery plugin for WordPress. Vulnerabilities are due to improper sanitisation of parameters in admin/manage-galleries.php, admin/manage-images.php and admin/manage.php. Flaws were found in versions prior to 1.91. Users should upgrade to version 1.9.1.

Source: Secunia
20.01.2012