SQL Injection Vulnerability in NextGEN Gallery for WordPress
by CIRT Team
Description: The WordPress plugin NextGEN Gallery (versions before 2.1.79) has a severe SQL injection vulnerability. According to the original source (Sucuri), one of the following conditions must be met for exploitation:
- The site uses a NextGEN Basic TagCloud gallery.
- The site allows users to submit posts for review (contributor role).
Impact: The vulnerability allows an attacker, unauthenticated in the TagCloud case or holding a contributor account in the second case, to read data from the victim site's database, including sensitive user information.
Mitigation: The vendor has released a patched version. Update NextGEN Gallery to 2.1.79 or later.
- Patched version: 2.1.79 (Reference: https://wordpress.org/plugins/nextgen-gallery/)
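A quick way to check whether an installed copy is still on a vulnerable release, added here as an example and not part of the CIRT advisory or the NextGEN Gallery project: it reads the standard WordPress `Version:` plugin header from the plugin's main file (assumed to be `wp-content/plugins/nextgen-gallery/nggallery.php`), or takes the version that WP-CLI reports, and compares it component by component against 2.1.79. The plugin header in the block is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the CIRT advisory or the NextGEN Gallery project):
# flag NextGEN Gallery installs older than the patched release 2.1.79.

PATCHED_VERSION="2.1.79"

# version_lt A B: exit 0 when version A sorts before version B, comparing
# dot-separated numeric components (a missing component counts as 0).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0
      yi = (i <= nb) ? y[i] + 0 : 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 1   # equal versions are not "less than"
  }'
}

# nextgen_status VERSION: print "vulnerable" or "patched" for a plugin version.
nextgen_status() {
  if version_lt "$1" "$PATCHED_VERSION"; then
    echo vulnerable
  else
    echo patched
  fi
}

# nextgen_header_version < nggallery.php: extract the WordPress "Version:"
# plugin header from the main plugin file on stdin (assumed path:
# wp-content/plugins/nextgen-gallery/nggallery.php). Tolerates a leading
# " * " comment prefix and takes the first match.
nextgen_header_version() {
  sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Stand-alone demonstration on a constructed plugin header (not a real file).
SAMPLE_HEADER='<?php
/*
Plugin Name: NextGEN Gallery
Plugin URI: https://wordpress.org/plugins/nextgen-gallery/
Version: 2.1.77
*/'

sample_version=$(printf '%s\n' "$SAMPLE_HEADER" | nextgen_header_version)
echo "sample header version $sample_version: $(nextgen_status "$sample_version")"

# On a live host, either of these yields the real installed version:
#   nextgen_status "$(wp plugin get nextgen-gallery --field=version)"
#   nextgen_status "$(nextgen_header_version < /var/www/html/wp-content/plugins/nextgen-gallery/nggallery.php)"
```

The numeric comparison matters because a plain string compare would rank 2.1.8 above 2.1.79; run the check across every WordPress docroot on a host, since a single forgotten staging copy with the TagCloud gallery enabled is enough to expose the database.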
Reference URLs:
- https://wpvulndb.com/vulnerabilities/8741
- https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html