Researchers find “severe” flaw in NextGEN Gallery Plugin


This topic contains 0 replies, has 1 voice, and was last updated by Joly MacFie 5 months, 3 weeks ago.

  • #3332
    Joly MacFie
    Participant

    https://arstechnica.com/security/2017/02/severe-vulnerability-in-wordpress-plugin-could-affect-1-million-sites/

    To exploit the vulnerability, attackers would have to create a feature found in the PHP programming language known as the $container_ids string. Untrusted visitors could achieve this against sites that use the NextGEN Basic TagCloud gallery feature by making slight modifications to the gallery URL.

    “With this knowledge, an unauthenticated attacker could add extra sprintf/printf directives to the SQL query and use $wpdb->prepare’s behavior to add attacker controlled code to the executed query,” Monday’s blog post explained.

    For the attack to work, a website would have to be set up to allow users to submit posts to be reviewed. An attacker could create an account on the site and submit a post that contains malformed NextGEN Gallery shortcodes.
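
An added illustration of the bug class the quoted article describes, not code from NextGEN Gallery, WordPress or the article: `toy_prepare()` is a simplified stand-in for a sprintf-style prepare helper, and the table, column and function names are hypothetical. It shows request data being parsed as a format directive when it is spliced into the format string, and staying inert when it is passed as an argument.

```php
<?php
// Requires PHP 8. toy_prepare() is a simplified stand-in for a sprintf-style
// prepare helper (an assumption for illustration, not WordPress's real code):
// it quotes %s placeholders, escapes each argument, then calls vsprintf().
function toy_prepare(string $format, array $args): string
{
    $format = str_replace('%s', "'%s'", $format);
    $args   = array_map(fn($a) => addslashes((string) $a), $args);
    return vsprintf($format, $args);
}

// Anti-pattern: request data is spliced into the format string, so any '%'
// sequence inside it is parsed as a directive by vsprintf().
function find_by_tag_unsafe(string $tag, int $limit): string
{
    $sql = "SELECT * FROM pics WHERE tag = '" . addslashes($tag) . "' LIMIT %d";
    return toy_prepare($sql, [$limit]);
}

// Hardened: the format string is a constant; data travels only as arguments,
// whose contents vsprintf() never re-parses.
function find_by_tag_safe(string $tag, int $limit): string
{
    return toy_prepare('SELECT * FROM pics WHERE tag = %s LIMIT %d', [$tag, $limit]);
}

// Run a lookup and report either the SQL text or the formatting failure.
function run(callable $lookup, string $tag): string
{
    try {
        return $lookup($tag, 10);
    } catch (\Error $e) {   // ValueError: directive count no longer matches args
        return 'format error: ' . $e->getMessage();
    }
}

// Constructed sample inputs: an ordinary tag, and one containing a '%d'.
foreach (['cats', 'sale 100%d'] as $tag) {
    echo "tag: $tag\n";
    echo '  unsafe: ' . run('find_by_tag_unsafe', $tag) . "\n";
    echo '  safe:   ' . run('find_by_tag_safe', $tag) . "\n";
}
```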
