Topic: Critical SQL Injection Vulnerability Found in NextGEN Gallery WordPress Plugin

Posted by Quizmaster
« Reply #1 on: February 28, 2017, 01:53:35 AM »
Critical SQL Injection Vulnerability Found in NextGEN Gallery WordPress Plugin
27 February 2017, 11:49 pm

A new SQL Injection vulnerability was discovered in the NextGen Gallery plugin for WordPress, allowing users to grab data from the victim's website database, which may very well include sensitive user information.

The discovery was made by researchers from Sucuri who were working on discovering vulnerabilities for the Sucuri Firewall. For this project, they've been auditing multiple open source projects looking for security issues, before stumbling upon NextGen Gallery, which is one of the most used gallery plugins on WordPress, with over 16.5 million downloads.

How can you tell if you're at risk? Well, the vulnerability can be exploited by attackers in two different scenarios, researchers say. The first is if you use a NextGen Basic TagCloud Gallery on your site; the second is if you allow your users to submit posts to be reviewed, which is common for blogs with numerous contributors.

"The issue existed because NextGEN Gallery allowed improperly sanitized user input WordP... (read more)

Source: Softpedia News / Security

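The article only says that improperly sanitized user input reached a database query. As an added illustration (not code from the article, from Sucuri, or from NextGEN Gallery itself), the block below shows the bug class in miniature with Python and SQLite: a tag-lookup query built by string interpolation, the same lookup with a bound parameter, and a UNION payload that turns the first one into a dump of the users table. The table names, rows and password hash are constructed stand-ins for WordPress's real schema, not real data.

```python
import sqlite3


def build_sample_db():
    """Constructed stand-in for a WordPress database: a trimmed wp_users table
    plus a simplified picture/tag table. Not NextGEN Gallery's real schema."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.executescript("""
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', '$P$BfakeHashForDemoOnly000000');
        CREATE TABLE ngg_pictures (pid INTEGER, filename TEXT, tag TEXT);
        INSERT INTO ngg_pictures VALUES (1, 'beach.jpg', 'summer');
        INSERT INTO ngg_pictures VALUES (2, 'snow.jpg', 'winter');
    """)
    conn.commit()
    return conn


def images_for_tag_vulnerable(conn, tag):
    """Tag value interpolated straight into the SQL text. A quote in the tag
    closes the string literal and everything after it is executed as SQL."""
    sql = f"SELECT filename FROM ngg_pictures WHERE tag = '{tag}'"
    return [row[0] for row in conn.execute(sql)]


def images_for_tag_safe(conn, tag):
    """Same lookup with a bound parameter: the tag is sent as data, so quotes
    and SQL keywords inside it never change the statement's structure.
    (In WordPress plugin code the equivalent is $wpdb->prepare() with a %s
    placeholder and the value passed as a separate argument.)"""
    sql = "SELECT filename FROM ngg_pictures WHERE tag = ?"
    return [row[0] for row in conn.execute(sql, (tag,))]


# Hypothetical attacker-supplied tag (e.g. via a tag-cloud URL or a contributor's
# post): closes the literal, appends a UNION over wp_users, comments out the rest.
UNION_PAYLOAD = "x' UNION SELECT user_login || ':' || user_pass FROM wp_users -- "


def demo():
    """Run both lookups against a benign tag and against the payload."""
    conn = build_sample_db()
    return {
        "benign_vulnerable": images_for_tag_vulnerable(conn, "summer"),
        "benign_safe": images_for_tag_safe(conn, "summer"),
        "payload_vulnerable": images_for_tag_vulnerable(conn, UNION_PAYLOAD),
        "payload_safe": images_for_tag_safe(conn, UNION_PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Against the payload, the interpolated query returns the login and hash from the users table, while the parameterized query returns nothing because no picture has a tag equal to the whole payload string. Validating tag input against an allowlist (letters, digits, hyphen) is a useful second layer, but the bound parameter is the fix; sanitization alone is what the vulnerable plugin code relied on.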