Vulnerable WordPress Plugin Could Cause Severe Attacks

Sucuri researchers have just come across a serious vulnerability that exposes WordPress website databases. More specifically, NextGEN Gallery, a WordPress gallery plugin with more than 1 million active installations, has been found to contain a severe SQL injection flaw.

The researchers say that:

While working on the WordPress plugin NextGEN Gallery, we discovered a severe SQL Injection vulnerability. This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive user information.

Severe WordPress Plugin NextGEN Gallery Vulnerability Found

The flaw in question allows an unauthenticated user to harvest data from a targeted website database, sensitive user information included. Considering the seriousness of the issue, the flaw has been rated critical. Website admins who are using a vulnerable version of the plugin are urged to update it immediately.


According to Sucuri, the vulnerability can be exploited under either of two conditions: when an admin uses a NextGEN Basic TagCloud gallery, or when the website allows contributors to submit posts for review.

This vulnerability existed because NextGEN Gallery placed improperly sanitized user input inside a WordPress prepared SQL query. In effect, this is no different from concatenating user input into a raw SQL query. Through this attack vector, a malicious actor could leak hashed passwords and, in certain configurations, the WordPress secret keys, the company explained.

Furthermore, a malicious actor would only need control over the $container_ids string for the flaw to be triggered. This could be achieved either by modifying the NextGEN Basic TagCloud gallery URL or by using the tag gallery shortcode.

With this knowledge, an unauthenticated attacker could add extra sprintf/printf directives to the SQL query and use $wpdb->prepare’s behavior to add attacker-controlled code to the executed query.
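The pattern described above, as an added illustration that is neither NextGEN Gallery's nor WordPress core's code: prepare_like_wpdb() is an assumed stand-in for the relevant behaviour of $wpdb->prepare() (a printf-style format string passed to vsprintf()), the table and column names are invented, and the vulnerable function sits beside a hardened form that binds every id through a placeholder and checks the placeholder count.

```php
<?php
// Added illustration, not NextGEN Gallery's or WordPress core's code. prepare_like_wpdb()
// stands in for the part of $wpdb->prepare() that matters here: the first argument is a
// printf-style format string that ends up in vsprintf(), so anything that reaches it
// unescaped is interpreted as a format directive. Table/column names are invented.

function prepare_like_wpdb(string $format, array $args): string {
    // As in the real prepare(): integers stay bare, strings are escaped and quoted.
    $quoted = array_map(
        fn($a) => is_int($a) ? (string) $a : "'" . addslashes((string) $a) . "'",
        $args
    );
    return vsprintf($format, $quoted);
}

// Defensive guard: the developer knows how many placeholders the query should carry.
// Any other count means untrusted text reached the format string; do not execute it.
function assert_placeholder_count(string $format, int $expected): void {
    $found = preg_match_all('/(?<!%)%[^%]/', $format);
    if ($found !== $expected) {
        throw new RuntimeException('unexpected format directives in SQL format string');
    }
}

// VULNERABLE pattern from the article: $container_ids is interpolated into the format
// string itself, so whatever it contains is handed to vsprintf() as part of the format.
function tag_query_vulnerable(string $container_ids, string $tag): string {
    $format = "SELECT pid FROM ngg_pictures WHERE galleryid IN ($container_ids) AND tag = %s";
    return prepare_like_wpdb($format, [$tag]);
}

// HARDENED form: ids are coerced to integers and bound through %d placeholders, so the
// format string contains only developer-written text.
function tag_query_safe(array $container_ids, string $tag): string {
    $ids = array_values(array_map('intval', $container_ids));
    if ($ids === []) {
        throw new InvalidArgumentException('at least one gallery id is required');
    }
    $placeholders = implode(',', array_fill(0, count($ids), '%d'));
    $format = "SELECT pid FROM ngg_pictures WHERE galleryid IN ($placeholders) AND tag = %s";
    assert_placeholder_count($format, count($ids) + 1);
    return prepare_like_wpdb($format, array_merge($ids, [$tag]));
}

// Constructed inputs. Well-formed ids produce the same SQL either way:
echo tag_query_vulnerable('3,5', 'summer'), "\n";
echo tag_query_safe(['3', '5'], 'summer'), "\n";
// A non-numeric id collapses to 0 in the hardened form instead of reaching the format
// string, which is exactly the difference the vulnerable form lacks:
echo tag_query_safe(['3', 'abc'], 'summer'), "\n";
```

The first two calls print `SELECT pid FROM ngg_pictures WHERE galleryid IN (3,5) AND tag = 'summer'`; the third prints the same query with `IN (3,0)`.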


Just last month, WordPress quietly fixed a serious zero-day bug. The bug allowed all pages on vulnerable websites to be modified, and visitors could have been redirected to malicious sites, leading to further security complications. WordPress postponed the public announcement for a week and is now urging all users to update.

Milena Dimitrova
