The vulnerability can lead to attackers grabbing data from website database or user sensitive information
A new SQL Injection vulnerability was discovered in the NextGen Gallery plugin for WordPress, allowing users to grab data from the victim’s website database, which may very well include sensitive user information.
The discovery was made by researchers from Sucuri who were working on discovering vulnerabilities for the Sucuri Firewall. For this project, they’ve been auditing multiple open source project looking for security issues, before stumbling upon NextGen Gallery, which is one of the most used gallery plugins on WordPress, with over 16.5 million downloads.
Powered by WPeMatico