Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - ranger1

Pages: [1] 2 3 ... 9
Services Offered/Needed / Malware in a WordPress Pluging
« on: March 30, 2017, 09:02:40 PM »
A popular WordPress gallery plugin with more than one million active installations was recently patched to address a vulnerability exposing website databases to attack.

The NextGEN Gallery is a photo gallery management system used by professional photographers and artists upload, sort and group galleries. It’s been downloaded more than 16 million times since it was developed in 2007.
Related Posts
Workarounds Available for Flaws in Siemens RUGGEDCOM Gear
March 29, 2017 , 1:29 pm
Threatpost News Wrap, March 27, 2017
March 24, 2017 , 10:45 am
SAP Vulnerability Puts Business Data at Risk for Thousands of Companies
March 22, 2017 , 11:48 am

Researchers at Sucuri on Monday disclosed what was characterized as a “severe SQL injection vulnerability.”

“This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive user information,” researcher Slavco Mihajloski said. “This is quite a critical issue. If you’re using a vulnerable version of this plugin, update as soon as possible!”

Mihajloski described two conditions in which the vulnerability can be exploited: if an admin uses a NextGEN Basic TagCloud Gallery, or if the site allows contributors to submit posts to be reviewed.

“This issue existed because NextGEN Gallery allowed improperly sanitized user input in a WordPress prepared SQL query; which is basically the same as adding user input inside a raw SQL query,” Mihajloski said. “Using this attack vector, an attacker could leak hashed passwords and WordPress secret keys in certain configurations.”

Mihajloski said an attacker would need to abuse a $container_ids string in order to trigger the exploit. He could do so by either modifying the NextGEN Basic TagCloud gallery URL, or when using the tag gallery shortcode.

“With this knowledge, an unauthenticated attacker could add extra sprintf/printf directives to the SQL query and use $wpdb->prepare’s behavior to add attacker-controlled code to the executed query,” Mihajloski said.

WordPress plugins have been a source of security angst for the content management system for some time. A December research report from RIPS cofounder Hendrik Buchwald said the percentage of vulnerable plugins was high, but that this was an artifact of WordPress’ widespread adoption. Buchwald said he looked at more than 10,000 plugins with more than 500 lines of code and found that 43 percent had at least one medium-severity vulnerability. According to the research, plugins with fewer than 1,000 lines of code had next to zero vulnerabilities. While a large percentage of the internet’s sites may be built on WordPress, RIPS’ research suggests only a small percentage of the plugins used on those sites contain vulnerabilities.

Recently, WordPress platform users were face-to-face with a critical vulnerability in the core code that was patched in a recent security update in version 4.7.2. Hackers quickly capitalized, exploiting a vulnerability in the REST API endpoint to deface more than one million websites. Eventually, attackers tried to monetize these defacements, leaving behind links to rogue pharmaceutical websites trying to spam users into buying drugs or lure them into phishing scams trying to steal payment card data.

For more information go to

New Member Intros / Re: Surgery I had
« on: October 25, 2015, 08:45:39 PM »
I would like to thank you for your prayers, Tomorrow starts first day of therapy and its a long road but I know that God is with me, and thank you for being my friends have a Blessed Night


New Member Intros / Surgery I had
« on: October 25, 2015, 09:41:34 AM »
This is Ranger1 I was going to tell everyone that I had surgery on my spine and spleen,  I had a 250lb tree fall on my back, and it knocked me out.  This happen the end of July but I just came home from the VA.  I am doing alright, God really helped me and to all my friends here I just wanted to let you know how I am doing.

Now I am going to be laid up for a while, Thank God I have my Laptop in my room at home. I am ready to start making the income now. I have to go through therapy and that so please pray that my recovery will be well.

Thanks to all my forum family.

New Member Intros / Re: How does it work?
« on: October 25, 2015, 09:36:13 AM »
Welcome to the forum :welcome:

Technical Assistance / Re: JV Tools Creator
« on: September 25, 2015, 06:07:05 PM »
Welcome to the Forum

Technical Assistance / Re: Any desktop builders out there?
« on: July 18, 2015, 01:09:22 AM »
Hey Dom Let me look around my house I may have that kind of Ram if not I know my friend does.


Questions About Latest Products / Re: The WP iAsk Plugin
« on: July 18, 2015, 12:46:19 AM »
I have been using the plugin, it is very tricky at first but it does work. just read the instructions and if that do not work still IM me and I will help

Thanks Bernie

Hello and welcome to the forum, I have not seen the theme yet but I know Mark will get to the bottom of it

Thanks Bernie

Technical Assistance / Re: Download problem
« on: July 07, 2015, 12:55:46 PM »
It worked for me , check your cookies and cache


Product Requests / Re: Brand Authority
« on: June 20, 2015, 01:10:04 AM »
I do not think it was requested yet, but Mark could tell you.


Product Requests / Re: New Proiduct Request and a question
« on: June 12, 2015, 04:45:30 AM »
Thank you Jerome for the update, can you tell me is there a script that I can put on WP for like a store front, that Can do PLR and MMR all from WP, with out making a whole new site. Thanks


Product Requests / New Proiduct Request and a question
« on: June 11, 2015, 09:51:21 PM »
Hello everyone, I was wondering Mark if you can get take a look at a product that I did not see on the Gold member site. the url is  it called the Affiliate Army Script.  And I was wondering also can you do a download script on WP.  I found this in my email and I think it would be great for it to be on the membership site.

Bernie :angel4:

Nice advice that I will read it more also


Hey this is a good one, I thought I saw it when I was bringing up WP plugins good find my friend


Product Requests / Re: Infographic sale, can add personal
« on: June 02, 2015, 02:07:09 PM »
This looks like to be a good product


Pages: [1] 2 3 ... 9