Vulnerability Found in Popular WordPress Gallery Plugin

The NextGEN Gallery plugin for WordPress has patched a critical SQL injection vulnerability in its latest update.

The NextGEN Gallery is a WordPress gallery plugin that allows users to enhance the display of images and 3D displays on their sites.

Promoted as the industry’s standard WordPress gallery management system, this plugin has the ability to import metadata, batch upload images, edit thumbnails, group galleries into albums, add images, delete images, rearrange images, sort images and more.

It is ideal for general use but also powerful enough for advanced tasks of imaging professionals, visual artists, and photographers.

In their latest patch, they addressed a critical SQL injection vulnerability.

The plugin’s first version was released in 2007 and has since continued to receive more than 1.5 million new downloads per year.

Users using an outdated version of the WordPress plugin are at risk of an SQL injection vulnerability that was patched in late February.

About the Old Version of NextGEN Gallery

Recently, researchers working at Sucuri discovered a severe SQL injection vulnerability in the plugin’s code.

The vulnerability allows unauthorized users to read the site's database, including password hashes, credit card information, and other sensitive user data.

They reported that the first attack scenario arises if site owners enable the NextGEN Basic TagCloud Gallery option on their WordPress site.

This feature displays image galleries that website visitors can navigate by tag.

The second way the vulnerability can be exploited is on sites that allow contributors to submit posts for review.

If site administrators have enabled either of these on their WordPress site, their site databases are at risk.

Why did this vulnerability develop?

The SQL injection vulnerability occurred because the plugin allowed unsanitized user input to be placed directly into a WordPress prepared SQL query.

This practice is unsafe because it is equivalent to inserting user input into a raw SQL query: the escaping that a prepared query applies to its arguments never touches text that is already part of the query string.

By exploiting this website database vulnerability, attackers can readily retrieve WordPress keys and hashed passwords in certain configurations.
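To make the root cause concrete, here is an added example (not code from the plugin or from Sucuri, and written in Python rather than the plugin's PHP) that emulates the WordPress `$wpdb->prepare()` pattern with a stand-in `wp_prepare()` function and an in-memory SQLite table of constructed sample tags. It places the weak pattern, where user input is interpolated into the query text before it reaches the prepare step, beside the correct pattern, where the input is bound to a `%s` placeholder, and shows that only the second one keeps a quote character in the input from changing the query's structure.

```python
import re
import sqlite3

# Constructed sample data standing in for a gallery tag table (not the plugin's real schema).
SAMPLE_TAGS = [("landscape", 12), ("portrait", 7), ("macro", 3)]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample tags."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tag_counts (name TEXT, count INTEGER)")
    conn.executemany("INSERT INTO tag_counts VALUES (?, ?)", SAMPLE_TAGS)
    return conn


def wp_prepare(fmt, *args):
    """Hypothetical stand-in for WordPress $wpdb->prepare().

    Each argument is escaped and substituted for one %s/%d placeholder in fmt.
    Only the arguments are escaped: the format string itself is trusted, which
    is exactly why user input must never be concatenated into it.
    """
    escaped = []
    for value in args:
        if isinstance(value, int):
            escaped.append(str(value))
        else:
            # Double single quotes so the value stays a string literal.
            escaped.append("'" + str(value).replace("'", "''") + "'")
    parts = re.split(r"%[sd]", fmt)
    if len(parts) - 1 != len(escaped):
        raise ValueError("placeholder/argument count mismatch")
    sql = parts[0]
    for value, tail in zip(escaped, parts[1:]):
        sql += value + tail
    return sql


def count_for_tag_unsafe(conn, tag):
    """Weak pattern: the user-supplied tag is spliced into the SQL text before
    prepare() runs, so it is treated as trusted query text and never escaped."""
    sql = wp_prepare("SELECT SUM(count) FROM tag_counts WHERE name = '" + tag + "'")
    return conn.execute(sql).fetchone()[0]


def count_for_tag_safe(conn, tag):
    """Correct pattern: the tag travels as an argument bound to a %s placeholder,
    so whatever it contains is escaped and compared as data."""
    sql = wp_prepare("SELECT SUM(count) FROM tag_counts WHERE name = %s", tag)
    return conn.execute(sql).fetchone()[0]


def compare(tag):
    """Run the same input through both patterns and return the two results."""
    conn = make_db()
    try:
        return {
            "unsafe": count_for_tag_unsafe(conn, tag),
            "safe": count_for_tag_safe(conn, tag),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal tag behaves the same either way.
    print("macro:", compare("macro"))
    # A tag containing a quote changes the query's structure only in the weak pattern.
    print("quoted input:", compare("x' OR 'a'='a"))
```

With the ordinary tag `macro` both functions return 3. With an input that contains a single quote, the weak pattern's `WHERE` clause is rewritten and the sum of every row (22) comes back, while the safe pattern compares the whole string as one value and returns `None` because no such tag exists. The fix in a plugin is the same as the fix here: keep user input out of the format string and pass it as an argument.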

How was the vulnerability discovered?

It took some time for this vulnerability to be discovered.

It was discovered by Sucuri, a globally recognized firm that deals with all matters related to WordPress security.

As part of their auditing tasks, researchers at this firm have been working on NextGEN Gallery to look for potential security issues.

After discovering this vulnerability, they responsibly informed the developers of this plugin of this issue.

Has this vulnerability been addressed?

Fortunately, the developers have addressed the SQL injection vulnerability that might have exposed WordPress users to attacks.

They patched NextGEN Gallery in version 2.1.79 of the plugin.

The fact that the developers have patched the plugin does not mean all users are protected against this vulnerability, though.

Affected users who installed earlier versions of this plugin need to update to version 2.1.79, either by updating in place or by uninstalling the earlier version and installing 2.1.79.

They can do this by downloading the latest version of the plugin from the developers' site or by applying the update through their WordPress backend.

NextGEN Gallery is not the only WordPress plugin that would expose site owners to potential security risks.

Many websites powered by the WordPress Content Management System use innumerable plugins developed by third parties.

If other WordPress plugins that site owners use have not been coded properly by their developers, the chances of their websites being compromised are very high.

This may also expose the computers of those who visit the websites to risks.

It is, therefore, important to update early versions and make sure you are protected against security flaws just as you should keep computer software up to date.
