Critical vulnerability fixed in WordPress plugin with 800K installs

Our main site is based on WordPress (like millions of others, about 30% of the total). I have a number of security controls in place, including allowing plugins to update themselves and forcing a daily update via cron – both risky, but I’d rather be up to date than breached. We don’t use this plugin…:

The NextGen Gallery development team has addressed two severe CSRF vulnerabilities to protect sites from potential takeover attacks. […]

Original Article