SQL Injection Vulnerability in NextGEN Gallery for WordPress

Description: WordPress plugin NextGEN Gallery has severe SQL Injection vulnerability. According to the original source, one of the following conditions must be met for exploitation:

  1. The use of a NextGEN Basic TagCloud gallery.
  2. If users are able to submit posts to be reviewed (contributors).

Impact: This vulnerability allows an unauthenticated user to grab data from the victim’s website database including sensitive user information.

Mitigation: Vendor has released patch version.

Reference URL’s: