SQL Injection Vulnerability in NextGEN Gallery for WordPress

As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on the WordPress plugin NextGEN Gallery, we discovered a severe SQL Injection vulnerability. This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive user information.

Are You at Risk?

This vulnerability can be exploited by attackers in at least two different scenarios:

  1. If you use a NextGEN Basic TagCloud Gallery on your site, or
  2. If you allow your users to submit posts to be reviewed (contributors).

Continue reading SQL Injection Vulnerability in NextGEN Gallery for WordPress at Sucuri Blog.