An SQL injection vulnerability has been detected in a WordPress plugin that could provide attackers with access to a user’s website and enable them to siphon out data, according to a blog post from Sucuri.
While studying a variety of open source projects, researchers at Sucuri, a website security company, came across what they termed a “severe” SQL injection vulnerability in the WordPress plugin NextGEN Gallery, a popular gallery management system.
The flaw can be exploited by intruders in two ways, they stated: Either by a WordPress site using a NextGEN Basic TagCloud Gallery, or if a site permits readers to submit posts to be reviewed (contributors).
Should a site fall into either of these scenarios, “you’re definitely at risk,” the researchers said.
The cause of the flaw lies in the way NextGEN Gallery allows improperly sanitized user input in a WordPress-prepared SQL query, the post stated. This, in effect, is equivalent to adding user input inside a raw SQL query.
“Using this attack vector, an attacker could leak hashed passwords and WordPress secret keys in certain configurations,” the researchers said.
The issue is “critical,” and users should update as quickly as possible the researchers advised.