Just in time for Christmas.
Ok - just kidding. But we did patch a tiny security issue. Long story short, there was a way for a user of the site (yes someone with actual credentials to the WordPress backend) to run an XSS and potentially gain access to the server.
It would be rare for it to happen as you would have to provide access to your WordPress backend and give the person permissions to manage a gallery. Then, the person would need to know the specific XSS script and be malicious enough to use it.
So no need to worry. Simply update and you will be ok.
Backup Before Upgrading
Please consider backing up your site (both server files & MySQL Database) whenever updating plugins. Here are some backup recommendations.
Download NextGEN Gallery from our WordPress gallery plugin page on WordPress.org or visit the Plugin page in your WordPress admin area to utilize the auto-update feature.
Changes in 2.2.33:
- Fixed: Certain image attributes were not being validated correctly
For the history of changes, view the full changelog.