SQL Injection Vulnerability in NextGEN Gallery for WordPress
Just a quick update for our clients: we received notification this morning about a major new “vulnerability” and we have updated all our clients with the patch.
Details: We were notified this morning about a potential security vulnerability (we use Sucuri notifications) that affected many of our client websites. Apparently, a popular plugin (NextGen Gallery for WordPress) was found to have a severe vulnerability.
We patched all the clients who use this plugin, by updating to version 2.1.79 (for anyone on 2.1.77), before any miscreants took advantage…It will be curious how this affects the wider WordPress community since so many people use old and unpatched versions of this popular free plugin.