
WordPress Plugin NextGEN Gallery Vulnerable to SQL Injection Attack

By Uzair Amir, March 2nd, 2017 (Security)

The NextGEN Gallery plugin has been hit by a severe security flaw for the second consecutive year, and this time it is even worse.

Web security firm Sucuri discovered that the NextGEN Gallery plugin for WordPress (WP) is affected by a severe SQL injection vulnerability that lets attackers access the targeted website’s database, including all of its sensitive data, within minutes.

“This is quite a critical issue. If you are using a vulnerable version of this plugin, update as soon as possible!”


According to Mr. Mihajloski, the vulnerability can be exploited in two ways. If a site uses this plugin and allows users to submit posts, an attacker can exploit the issue by executing malicious code via shortcodes. Alternatively, if a site uses the NextGEN basic tag cloud gallery, the issue can be exploited by modifying the gallery's URL to execute SQL queries.

So far, this vulnerability hasn’t been exploited, but with over 1 million active installs of the faulty version of this plugin, one can only imagine the havoc it could cause if the issue isn’t sorted quickly.

This also isn’t the first time that the NextGEN plugin has been affected by a critical vulnerability. Last year, experts found a remote code execution flaw that posed a massive security threat to users.

Although this is a vulnerability in a WordPress plugin, the CMS itself is not very secure either. Last month, security researchers at Sucuri discovered a severe content injection vulnerability in WordPress that would let attackers edit content on WP-based websites.

It must be noted that days after that vulnerability was exposed, hackers defaced thousands of WP websites.

Simple solution:

If you are running the NextGEN Gallery plugin on your website, simply update it to the latest version.
