Critical vulnerability in WordPress plugin puts over a million websites at risk; update now

A critical SQL injection vulnerability has been disclosed in a very popular WordPress plugin. The bug could let an attacker read sensitive data, such as password hashes and secret keys, straight out of a site's database.

The bug was reported by Slavco Mihajloski and the details were published on the blog of Sucuri, a web security firm. It affects the NextGEN Gallery plugin. According to Sucuri's write-up it is exploitable on sites that use a NextGEN Basic TagCloud Gallery, or that allow users to submit posts for review (the contributor role).

In plain terms, this is SQL injection: an attacker can get SQL of their own choosing executed against the site's database, and so read data they should never see. As Mihajloski puts it, “NextGEN Gallery allowed improperly sanitised user input in a WordPress prepared SQL query.” He adds, "an unauthenticated attacker could add extra sprintf/printf directives to the SQL query and use $wpdb->prepare's behavior to add attacker controlled code to the executed query." In other words, user input ended up inside the format string handed to $wpdb->prepare(), where printf-style directives are interpreted, rather than being passed as one of its arguments. Sucuri has rated the bug's severity at 9/10.
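To make that mechanism concrete, here is an added illustration; it is not NextGEN Gallery's code and not WordPress's own $wpdb->prepare(). prepare_model() is a deliberately simplified stand-in for $wpdb->prepare() that quotes %s placeholders, escapes each argument and expands the directives with vsprintf(), which is enough to show what goes wrong when untrusted text lands in the format string instead of the argument list. The table and column names (wp_terms, slug, post_status), the two probe strings and the sample tags are constructed for the example. The last function goes a little beyond the single-value case and shows the idiom for a list of tags, as a tag cloud would take.

```php
<?php
// Added illustration, not NextGEN Gallery's code and not WordPress's own $wpdb->prepare().
// prepare_model() is a simplified stand-in for $wpdb->prepare(): it quotes %s placeholders,
// escapes every argument (addslashes() here; the real thing uses the database driver), then
// lets vsprintf() expand the directives. That is enough to show the bug class the article
// describes: untrusted text reaching the format string instead of the argument list.
function prepare_model(string $query, ...$args): string {
    $query = preg_replace('/(?<!%)%s/', "'%s'", $query);   // wrap string placeholders in quotes
    $args  = array_map(fn ($a) => is_int($a) ? $a : addslashes((string) $a), $args);
    return vsprintf($query, $args);
}

// VULNERABLE pattern: the user value is quote-escaped and then spliced into the format string,
// so any printf-style directive it carries is interpreted by prepare_model() / prepare().
// Table and column names are constructed for this example.
function find_tag_vulnerable(string $user_tag, string $status): string {
    $sql = "SELECT name FROM wp_terms WHERE slug = '" . addslashes($user_tag) . "' AND post_status = %s";
    return prepare_model($sql, $status);
}

// FIXED pattern: the format string is a constant and every user value travels as an argument.
function find_tag_fixed(string $user_tag, string $status): string {
    return prepare_model('SELECT name FROM wp_terms WHERE slug = %s AND post_status = %s', $user_tag, $status);
}

// Same idea for a list of tags: build one %s per element and spread the values in as
// arguments, so only the placeholder count, never the content, depends on the input.
function find_tags_fixed(array $user_tags): string {
    $placeholders = implode(', ', array_fill(0, count($user_tags), '%s'));
    return prepare_model("SELECT name FROM wp_terms WHERE slug IN ($placeholders)", ...$user_tags);
}

// Constructed probes. Neither contains a quote, so quote-escaping alone does not neutralise them.
$probe1 = '%1$s';   // positional directive: re-injects argument 1 without the quotes prepare adds to %s
$probe2 = '%1$%s';  // once prepare has rewritten %s as '%s' this reads %1$'%s': the first quote is
                    // consumed as a "pad with %" flag, the second is left dangling in the SQL

echo find_tag_vulnerable($probe1, 'publish'), "\n";
echo find_tag_vulnerable($probe2, 'publish'), "\n";
echo find_tag_fixed($probe1, 'publish'), "\n";
echo find_tags_fixed(['nature', "o'brien"]), "\n";
```

Run with the PHP command-line interpreter, the vulnerable variant turns the first probe into slug = 'publish', the argument copied, unquoted, into the spot where the attacker's text stood, and the second probe into slug = 'publish'' with a dangling quote, so prepare's own quoting has been subverted by text that contains no quote character at all. The fixed variants leave the probe as an inert string literal and quote every tag in the list. Two further rules that go with this pattern: a literal percent sign in a fixed query must be written %%, and a LIKE pattern built from user input should go through $wpdb->esc_like() before being passed as an argument.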

The plugin in question is very popular and, at last count, has over a million active installs. Ars Technica reports that the bug was fixed in version 2.1.79 of the plugin; the release notes for that version do not mention it, however.

As with all such vulnerabilities, please ensure that you have updated the plugin to the latest version. As mentioned above, the fixed version is 2.1.79 and the update was released on 23 February. Check the version shown on the Plugins page of the WordPress dashboard; if you manage sites from the command line, "wp plugin list" shows the installed version and "wp plugin update nextgen-gallery" applies the fix. Updating WordPress core alone does not help, since the bug is in the plugin.


Published Date: Mar 01, 2017 04:11 pm | Updated Date: Mar 01, 2017 04:11 pm