You can now find Cyber Kendra on Google News | Telegram

WordPress Plugin Vulnerability puts Millions at Risk

NextGEN Gallery plugins Vulnerability puts millions of sites at risk

Popular website CMS WordPress once again comes under threats of getting hacked. A critical SQLinjection vulnerability on one of the popular plugins puts millions of WordPress site under risk.

Security researcher named Slavco Mihajloski, from Sucuri lab discovered a critical SQLinjection vulnerability on NextGEN Gallery plugins, which is installed in more than 1 millions sites. Until the flaw was recently fixed, NextGEN Gallery allowed input from untrusted visitors to be included in WordPress-prepared SQL queries.

To exploit the vulnerability, attackers would have to create a feature found in the PHP programming language known as the $container_ids string. Untrusted visitors could achieve this against sites that use the NextGEN Basic TagCloud gallery feature by making slight modifications to the gallery URL.

"With this knowledge, an unauthenticated attacker could add extra sprintf/printf directives to the SQL query and use $wpdb->prepare's behavior to add attacker controlled code to the executed query," Monday's blog post explained.

To have a successful exploitation of the bug, a website would have to be set up to allow users to submit posts to be reviewed. An attacker could create an account on the site and submit a post that contains malformed NextGEN Gallery shortcodes.

Sucuri have assigned 9 out of 10 for its severity. We recommend all web admins using NextGEN Gallery plugins to update it as soon as possible to the latest release.

1 comment

  1. I have never used NextGEN Gallery :P
Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.