To exploit the vulnerability, attackers would have to create a feature found in the PHP programming language known as the $container_ids string. Untrusted visitors could achieve this against sites that use the NextGEN Basic TagCloud gallery feature by making slight modifications to the gallery URL.
“With this knowledge, an unauthenticated attacker could add extra sprintf/printf directives to the SQL query and use $wpdb->prepare’s behavior to add attacker controlled code to the executed query,” Monday’s blog post explained.
For the attack to work, a website would have to be set up to allow users to submit posts to be reviewed. An attacker could create an account on the site and submit a post that contains malformed NextGEN Gallery shortcodes.