Researchers Find Severe Flaw in NextGEN Gallery WordPress Plugin

Brightwhiz.com, News, 1 March 2017, by Michael Bright

Researchers have found a severe vulnerability in NextGEN Gallery, a WordPress plugin with more than 1 million installations worldwide, leaving as many websites exposed to this critical flaw.

NextGEN Gallery, probably the most popular WordPress image gallery plugin, has been found to contain a severe SQL injection bug that potentially allows attackers to extract password data, secret keys and other confidential information from affected MySQL databases.

Slavco Mihajloski, a researcher with the web security firm Sucuri, wrote in a blog post: “If you’re using a vulnerable version of this plugin, update as soon as possible.” That is what we are advising here as well. Sucuri has given the vulnerability a severity rating of 9 out of a possible 10, which is very high.

The flaw lies in how the $container_ids string is handled in the plugin's PHP code. An attacker could add extra sprintf/printf directives to the SQL query and use $wpdb->prepare's behavior to add attacker-controlled code to the executed query: $wpdb->prepare treats its first argument as a format string, so any directives that reach it are processed as part of the query rather than escaped as data. This attack targets the NextGEN Basic Tag Cloud gallery feature by modifying the gallery URL.

SQL injection flaws should really not be found in such major WordPress plugins in this day and age, or so we would like to think. That said, exploiting this flaw requires a website that allows users to submit posts for review, so that the attacker can submit a post containing crafted NextGEN Gallery shortcodes.

The vulnerability has since been fixed in NextGEN Gallery version 2.1.79, and developers are therefore advised to update immediately.