WordPress Plugin Vulnerability Affects up to One Million Users | AWESEM

Are you one of the 1,000,000 users running the NextGEN Gallery plugin on your WordPress site? If so, it’s imperative that you update the plugin immediately. An SQL injection bug has been identified in earlier versions of the plugin, meaning you’re at risk of the vulnerability being exploited unless you’re running the latest version of the plugin.

Sucuri covered the issue earlier this week and shared both the exploit scenarios and the technical details for those who are interested in peeking under the hood. Those who run the plugin or allow contributors to submit posts to their site are at risk, and the vulnerability is being listed as severe as it allows unauthenticated users to steal sensitive user data from your website database.

As in all cases when a vulnerability has been identified, we urge you to update the plugin immediately. While you’re there, it’s well worth taking an extra two minutes to ensure your theme, all plugins and WordPress version are fully up to date as well.

No comments yet.

Leave a comment

Comment form

All fields marked (*) are required

Telephone

+44 (0) 20 7193 1411

Address

Portland House
Bressenden Place
London, SW1E 5RS, UK

Project Enquiry

Want to talk to us about a project?
Contact us here