SQL Injection Vulnerability in NextGEN Gallery for WordPress

by CIRT Team

Description: WordPress plugin NextGEN Gallery has severe SQL Injection vulnerability. According to the original source, one of the following conditions must be met for exploitation:

1. The use of a NextGEN Basic TagCloud gallery.
2. If users are able to submit posts to be reviewed (contributors).

Impact: This vulnerability allows an unauthenticated user to grab data from the victim’s website database including sensitive user information.

Mitigation: Vendor has released patch version.

• Patched Version: 2.1.79 (Reference: https://wordpress.org/plugins/nextgen-gallery/)

Reference URL’s:

• https://wpvulndb.com/vulnerabilities/8741
• https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html

CIRT Team

Recommended Posts

Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers

08 Feb 2024 - Articles, English articles, Security Advisories & Alerts

বাংলাদেশের আইটি কাঠামোয় তথ্য চুরির ম্যালওয়ারের বিস্তার সম্পর্কে সতর্কতা

18 Jan 2024 - Articles, Bangla Articles, News, Security Advisories & Alerts

সাইবার থ্রেট এলার্টঃ বাংলাদেশকে লক্ষ্য করে চলমান ফিশিং ক্যাম্পেইন

04 Jan 2024 - News, Security Advisories & Alerts