Are you one of the 1,000,000 users running the NextGEN Gallery plugin on your WordPress site? If so, it’s imperative that you update the plugin immediately. An SQL injection bug has been identified in earlier versions of the plugin, meaning you’re at risk of the vulnerability being exploited unless you’re running the latest version of the plugin.
Sucuri covered the issue earlier this week and shared both the exploit scenarios and the technical details for those who are interested in peeking under the hood. Those who run the plugin or allow contributors to submit posts to their site are at risk, and the vulnerability is being listed as severe as it allows unauthenticated users to steal sensitive user data from your website database.
As in all cases when a vulnerability has been identified, we urge you to update the plugin immediately. While you’re there, it’s well worth taking an extra two minutes to ensure your theme, all plugins and WordPress version are fully up to date as well.