While researching the newer Plogger issues, a CVE analyst found the following diff: http://masendav.com/~duke/PloggerChanges_files/FileComparisonReport5.html gallery.php was modified to use intval() on both id and page parameters. The file change was also on Dec 14, a day after r0t's original bug report. - Steve