Title:Persistent XSS in NextCellent Gallery 1.9.13 WordPress plugin
The user supplied data for the Alt & Title Text field isn't escaped before being printed out in the value field:

from nextcellent-gallery-nextgen-legacy/admin/manage-images.php lines:
503 > 
504 " name="alttext[]" type="text" style="width:95%; margin-bottom: 2px;" value="alttext) ?>" 
The HTML code produced is:

 "<" />
Any user with "NextGEN Upload images" or "NextGEN Manage gallery" or "NextGEN Manage others gallery" access can conduct an XSS attack against a user with the Administrator role, in order to gain privileges.