Sucuri has posted a Critical Security Alert for the NextGEN Gallery for WordPress plugin...
Quote:
|
...we discovered a severe SQL Injection vulnerability. This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive user information.
|
https://blog.sucuri.net/2017/02/sql-...wordpress.html
An updated version has already been released and anyone using this plugin should immediately update their plugin or disable until such time as they can update.
Additional Information is available here:
https://wordpress.org/plugins/nextgen-gallery/
As always FutureQuest encourages anyone running any scripts, such as
WordPress, to ensure they maintain the most up to date version and install
any patches released to reduce the chances of a compromise of your site.
This also includes any plugins, addons and themes...
It is always best to subscribe to any Security or Update mailing list provided
by the Authors of the script(s) you are running.
The FutureQuest Team
Linear Mode
