Hashed passwords and WordPress secret keys are at risk.
NextGEN Gallery is an extraordinarily popular plugin for self-hosted WordPress websites, having been downloaded over 16.5 million times.
The software’s widespread popularity (it claims to have been “the industry’s standard WordPress gallery plugin” since 2007) makes it an seemingly obvious choice for website owners looking to add image galleries to their sites.
Researchers at Sucuri uncovered a severe SQL injection vulnerability in NextGEN Gallery’s code which could be used by a malicious attacker to steal sensitive information such as hashed passwords and WordPress secret keys:
This vulnerability can be exploited by attackers in at least two different scenarios:
- If you use a NextGEN Basic TagCloud Gallery on your site, or
- If you allow your users to submit posts to be reviewed (contributors).
If you fit into any of these two cases, you’re definitely at risk.
This issue existed because NextGEN Gallery allowed improperly sanitized user input in a WordPress prepared SQL query; which is basically the same as adding user input inside a raw SQL query. Using this attack vector, an attacker could leak hashed passwords and WordPress secret keys in certain configurations.