- Mar 01, 2017
- by Brad Litwin
At A2 Hosting, we take website performance seriously. We also take security seriously, just as our partner Sucuri does. Sucuri is a website security and vulnerability detection solution. Sucuri has recently detected a severe SQL injection vulnerability in the NextGEN Gallery WordPress plugin. The vulnerability in this highly popular image gallery plugin according to Sucuri “allows an unauthenticated user to grab data from the victim’s website database, including sensitive user information.” This can ultimately allow attackers to exploit the weakness and steal data from and cause damage to the site’s database backend.
Users of the NextGEN Basic TagCloud Gallery feature and those who open their site up for post submissions are specifically at risk. With the newest plugin version applying the fix to this vulnerability within the last week, A2 Hosting recommends that all NextGEN Gallery users update their plugin to the most recent version as soon as possible to keep sites and users secure. If you have NextGEN Gallery installed on your site and are not using it, we also recommend that you uninstall it. We have the same recommendation for any other plugins that you have installed for your site, but are not using.
Sucuri rates this vulnerability as a 9 out of 10 on its severity scale so we also highly recommend that you don’t underestimate the potential damage it could cause. Take the time now to keep your site safe now! If your site is one of the million+ instances using NextGEN Gallery, make sure you take the steps to update your plugin now so your site doesn’t become a statistic. And for the fastest and most secure WordPress Hosting solutions, visit A2 Hosting now.