All too often we see that very serious security issues are not treated with the significance they should. What doesn’t help that situation is when security companies and other in the security community take relatively minor issues and try to make them in to something much larger than they actually are. Let’s take a look at an example that we came across the other day while reviewing new reports of vulnerabilities in WordPress plugins.

A company named Cyber Security Works put out a report claiming there is a “High” risk cross-site scripting vulnerability in the NextGEN Gallery plugin. The vulnerability report describes it as such: [Read more]