WPTavern: NextGEN Gallery Patches Critical SQL Injection Vulnerability

Slavco Mihajloski, security researcher at Sucuri, has discovered a critical SQL injection vulnerability in NextGEN Gallery, a popular WordPress plugin that’s active on more than a million sites.

Mihajloski rates the vulnerability 9 out of 10 on the DREAD scale that Sucuri uses for its advisories. DREAD stands for Damage, Reproducibility, Exploitability, Affected Users, and Discoverability.

Each category receives a score between 0 and 10. The DREAD score is the average: the five category scores are added together and divided by five. The higher the score, the more severe the vulnerability.

The SQL injection vulnerability affects NextGEN Gallery versions 2.1.77 and below. Version 2.1.79, released four days ago, contains the fix. Sites that use the NextGEN Basic TagCloud gallery, or that accept posts for review from untrusted contributors, are especially at risk.

“This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive user information,” Mihajloski said.

“This issue existed because NextGEN Gallery allowed improperly sanitized user input in a WordPress prepared SQL query, which is basically the same as adding user input inside a raw SQL query. Using this attack vector, an attacker could leak hashed passwords and WordPress secret keys, in certain configurations.”
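
The pattern Mihajloski describes, shown as an added illustration rather than code from NextGEN Gallery or WordPress: `$wpdb->prepare()` is a printf-style API, so untrusted input concatenated into its query string is interpreted as part of the format, while input handed over as a placeholder argument is escaped and quoted. The `demo_prepare()` function below is a deliberately simplified stand-in for the WordPress 4.7-era `prepare()` (it ignores `%d`, `%f` and `%%`, and uses `addslashes()` in place of driver-side escaping so it runs without a database); the `wp_terms.status` column and the two payloads are constructed for the demo.

```php
<?php
// Added example, not NextGEN Gallery's or WordPress's own code.

// Simplified stand-in for WordPress 4.7-era $wpdb->prepare() (assumption: the
// real method also handles %d/%f/%% and escapes via the MySQL driver).
// It quotes every bare %s, escapes every argument, then expands with vsprintf().
function demo_prepare(string $query, array $args): string
{
    $query = str_replace(["'%s'", '"%s"'], '%s', $query);   // normalise quoted %s
    $query = preg_replace('/(?<!%)%s/', "'%s'", $query);    // quote every %s
    $args  = array_map('addslashes', $args);                 // escape arguments only
    return vsprintf($query, $args);
}

// Vulnerable pattern: untrusted $tag is spliced into the *format string*.
// The call still looks "prepared", but $tag is never escaped and any
// printf directive in it is honoured. (Table/column names are illustrative.)
function tag_query_vulnerable(string $tag): string
{
    return demo_prepare(
        "SELECT * FROM wp_terms WHERE slug = '" . $tag . "' AND status = %s",
        ['public']
    );
}

// Fixed pattern: $tag reaches the query only through a %s placeholder.
function tag_query_fixed(string $tag): string
{
    return demo_prepare(
        "SELECT * FROM wp_terms WHERE slug = %s AND status = %s",
        [$tag, 'public']
    );
}

// Constructed payloads: a classic quote break-out, and a positional
// directive that vsprintf() will resolve to the first argument.
$payloads = [
    'quote break-out'      => "x' OR 1=1 -- ",
    'directive smuggling'  => '%1$s',
];

foreach ($payloads as $label => $tag) {
    echo "== $label ==\n";
    // vulnerable: ... slug = 'x' OR 1=1 -- ' AND status = 'public'
    // vulnerable: ... slug = 'public' AND status = 'public'
    echo "vulnerable: ", tag_query_vulnerable($tag), "\n";
    // fixed:      ... slug = 'x\' OR 1=1 -- ' AND status = 'public'
    // fixed:      ... slug = '%1$s' AND status = 'public'
    echo "fixed:      ", tag_query_fixed($tag), "\n\n";
}
```

The second payload is the part that is easy to miss in review: even when the spliced input is run through an escaping function first, characters such as `%` survive, and `vsprintf()` then treats the input as directives that can pull in, reorder or (with a bare `%s`) miscount the real arguments. The only robust fix is the one in `tag_query_fixed()`: keep every untrusted value out of the first argument of `prepare()`.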

Although 2.1.79 patches the vulnerability, the plugin’s changelog doesn’t indicate a critical security issue was fixed. Eric Danzer, Founder and CEO of Imagely, makers of NextGEN Gallery, explained on Twitter why it’s not mentioned in the changelog.

Users are strongly encouraged to update NextGEN Gallery to version 2.1.79 as soon as possible.

Source: WordPress
