Severe SQL Injection Flaw Discovered In WordPress Plugin With Over 1 Million Installs

According to BleepingComputer, "A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database." The plugin's name is NextGEN Gallery, which has its own set of plugins due to how successful it is. From the report: According to web security firm Sucuri, who discovered the NextGEN Gallery security issues, the first attack scenario can happen if a WordPress site owner activates the NextGEN Basic TagCloud Gallery option on his site. This feature allows site owners to display image galleries that users can navigate via tags. Clicking one of these tags alters the site's URL as the user navigates through photos. Sucuri says that an attack can modify link parameters and insert SQL queries that will be executed by the plugin when the attacker loads the malformed URL. This happens due to improper input sanitization in the URL parameters, a common problem with many WordPress and non-WordPress web applications. The second exploitation scenario can happen if website owners open their site for blog post submissions. Because attackers can create accounts on the site and submit a blog post/article for review, they can also insert malformed NextGEN Gallery shortcodes. Sucuri says the plugin's authors fixed this flaw in NextGEN Gallery 2.1.79.

Jesus wept

[JustAnotherOldGuy]

"...This happens due to improper input sanitization in the URL parameters"

Not this shit again. Look kids, use parameterized queries (prepared statements) or a decent sanitizer library (there are several available that are actually very good).

To get hacked because of poor sanitizing of inputs is downright embarrassing in this day and age.

Re:Sanitizing Untrusted Input

[Dracos]

Because WP is the product of a lousy team with the lowest possible standard of practices, their tradition since 2004. Those attitudes permeate throughout the WP "development" landscape. If the core presented best practices and enforced using them, so many vulnerabilities would have been mitigated. Not only is WP shitty code, it begets shitty code.

Re:Sanitizing Untrusted Input

[Frosty+Piss]

I'm also glad I don't use PHP

The is crap written in EVERY language, and variations of C are certainly not immune to this. I can write code that accepts unsanitized input in any language you choose.