The popular CMS WordPress is once again under threat of being hacked. A critical SQL injection vulnerability in one of its popular plugins puts millions of WordPress sites at risk.
Slavco Mihajloski, a security researcher from Sucuri lab, discovered a critical SQL injection vulnerability in the NextGEN Gallery plugin, which is installed on more than 1 million sites. Until the flaw was recently fixed, NextGEN Gallery allowed input from untrusted visitors to be included in WordPress-prepared SQL queries.
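The bug class described above, shown as an added example for plugin authors and reviewers (it is not NextGEN Gallery's code): a query that goes through `$wpdb->prepare()` is only safe when untrusted input is bound to a placeholder, not when it is part of the query template. The function names and the choice of column are hypothetical.

```php
<?php
// Illustrative WordPress plugin code. Function names and the queried
// column are hypothetical; $wpdb, prepare(), esc_like() and get_col()
// are the standard WordPress database API.

// Vulnerable pattern: the untrusted value is spliced into the query
// template itself. prepare() treats the template as a format string and
// only quotes the values bound to its placeholders, so text that is
// already inside the template reaches the database as SQL.
function example_find_by_tag_unsafe( $untrusted_tag ) {
    global $wpdb;
    $template = "SELECT ID FROM {$wpdb->posts} WHERE post_status = %s"
              . " AND post_excerpt LIKE '%%{$untrusted_tag}%%'";
    return $wpdb->get_col( $wpdb->prepare( $template, 'publish' ) );
}

// Hardened pattern: the template is a constant string and every
// untrusted value is passed as a bound argument. esc_like() escapes only
// the LIKE wildcards; prepare() performs the quoting.
function example_find_by_tag_safe( $untrusted_tag ) {
    global $wpdb;
    $like = '%' . $wpdb->esc_like( $untrusted_tag ) . '%';
    return $wpdb->get_col(
        $wpdb->prepare(
            "SELECT ID FROM {$wpdb->posts} WHERE post_status = %s AND post_excerpt LIKE %s",
            'publish',
            $like
        )
    );
}
```

When reviewing a plugin, any variable interpolated into the first argument of `prepare()` should be traced back to its source.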
For the bug to be exploited, a website would have to be set up to allow users to submit posts for review. An attacker could create an account on the site and submit a post that contains malformed NextGEN Gallery shortcodes.
Sucuri has rated its severity 9 out of 10. We recommend that all web admins using the NextGEN Gallery plugin update it to the latest release as soon as possible.