Shadowbox JS Plugin Breaks WordPress
Just a quick alert: the latest version (v. 188.8.131.52) of the popular Shadowbox JS plugin for WordPress has a serious bug that exposes your WordPress installation to a major security risk. Incorrectly coded handling of the “player” tag causes all of your NexGEN Gallery images to be displayed on any page that also has single images embedded via WordPress “Add an Image” function.
This is an uncharacteristic flop by Matt Martz, the principal developer of Shadowbox JS, showing poor functional and regression testing practices. To make things worse, this is not the first time Shadowbox JS had this exact problem: just over a month ago this issue appeared and was promptly fixed. Now it’s back again.
There is no fix for now. The status of the Shadowbox JS plugin on the WordPress plugins pages is currently “Broken”. The plugin’s author is aware of the issue and an update should be coming out shortly. However, given the recent history of recurring problems with Shadowbox JS and their highly disruptive nature, I would recommend permanently disabling this plugin and replacing it with an alternative. There are several available.
Update: An update for Shadowbox JS has been released a few days ago that fixed the undesired interaction with NexGEN Gallery.