WordPress Plugin Vulnerability puts Millions at Risk

Popular website CMS WordPress once again comes under threats of getting hacked. A critical SQLinjection vulnerability on one of the popular plugins puts millions of WordPress site under risk.

Security researcher named Slavco Mihajloski, from Sucuri lab discovered a critical SQLinjection vulnerability on NextGEN Gallery plugins, which is installed in more than 1 millions sites. Until the flaw was recently fixed, NextGEN Gallery allowed input from untrusted visitors to be included in WordPress-prepared SQL queries.

To exploit the vulnerability, attackers would have to create a feature found in the PHP programming language known as the $container_ids string. Untrusted visitors could achieve this against sites that use the NextGEN Basic TagCloud gallery feature by making slight modifications to the gallery URL.

"With this knowledge, an unauthenticated attacker could add extra sprintf/printf directives to the SQL query and use $wpdb->prepare's behavior to add attacker controlled code to the executed query," Monday's blog post explained.

To have a successful exploitation of the bug, a website would have to be set up to allow users to submit posts to be reviewed. An attacker could create an account on the site and submit a post that contains malformed NextGEN Gallery shortcodes.

Sucuri have assigned 9 out of 10 for its severity. We recommend all web admins using NextGEN Gallery plugins to update it as soon as possible to the latest release.