Author Topic: Malware in a WordPress Plugin  (Read 2558 times)

Offline ranger1

  • Sr. Member
  • Posts: 123
Malware in a WordPress Plugin
« on: March 30, 2017, 09:02:40 PM »
A popular WordPress gallery plugin with more than one million active installations was recently patched to address a vulnerability exposing website databases to attack.

The NextGEN Gallery is a photo gallery management system used by professional photographers and artists to upload, sort and group galleries. It’s been downloaded more than 16 million times since it was developed in 2007.

Researchers at Sucuri on Monday disclosed what was characterized as a “severe SQL injection vulnerability.”

“This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive user information,” researcher Slavco Mihajloski said. “This is quite a critical issue. If you’re using a vulnerable version of this plugin, update as soon as possible!”

Mihajloski described two conditions in which the vulnerability can be exploited: if an admin uses a NextGEN Basic TagCloud Gallery, or if the site allows contributors to submit posts to be reviewed.

“This issue existed because NextGEN Gallery allowed improperly sanitized user input in a WordPress prepared SQL query, which is basically the same as adding user input inside a raw SQL query,” Mihajloski said. “Using this attack vector, an attacker could leak hashed passwords and WordPress secret keys in certain configurations.”

Mihajloski said an attacker would need to abuse a $container_ids string in order to trigger the exploit. He could do so by either modifying the NextGEN Basic TagCloud gallery URL, or when using the tag gallery shortcode.

“With this knowledge, an unauthenticated attacker could add extra sprintf/printf directives to the SQL query and use $wpdb->prepare’s behavior to add attacker-controlled code to the executed query,” Mihajloski said.

WordPress plugins have been a source of security angst for the content management system for some time. A December research report from RIPS cofounder Hendrik Buchwald said the percentage of vulnerable plugins was high, but that this was an artifact of WordPress’ widespread adoption. Buchwald said he looked at more than 10,000 plugins with more than 500 lines of code and found that 43 percent had at least one medium-severity vulnerability. According to the research, plugins with fewer than 1,000 lines of code had next to zero vulnerabilities. While a large percentage of the internet’s sites may be built on WordPress, RIPS’ research suggests only a small percentage of the plugins used on those sites contain vulnerabilities.

Recently, WordPress platform users were face-to-face with a critical vulnerability in the core code that was patched in a recent security update in version 4.7.2. Hackers quickly capitalized, exploiting a vulnerability in the REST API endpoint to deface more than one million websites. Eventually, attackers tried to monetize these defacements, leaving behind links to rogue pharmaceutical websites trying to spam users into buying drugs or lure them into phishing scams trying to steal payment card data.

For more information go to
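To make the "user input inside a prepared query" point concrete, here is an added illustration (not NextGEN Gallery's code and not from the article): the weak pattern the researcher describes beside a hardened version. It assumes a WordPress `$wpdb` object, a hypothetical `example_galleries` table, and that `$container_ids` arrives as a comma-separated string.

```php
<?php
// Added example, not the plugin's own code. The table name and the
// shape of $container_ids are assumptions for illustration.

// Weak pattern: the user-supplied string is spliced into the *format string*
// handed to $wpdb->prepare(). prepare() only escapes the arguments it is
// given; any %s/%d-style directive sitting inside the format string itself is
// interpreted, so the query is effectively built from raw input.
function weak_gallery_query( $wpdb, string $container_ids ) {
    $sql = "SELECT * FROM {$wpdb->prefix}example_galleries"
         . " WHERE gid IN ({$container_ids}) AND type = %s";
    return $wpdb->prepare( $sql, 'tagcloud' );
}

// Hardened pattern: coerce every id to an integer first, then build one %d
// placeholder per id so that all values travel as prepare() arguments and the
// format string never contains anything the user typed.
function safe_gallery_query( $wpdb, string $container_ids ) {
    $ids = array_filter( array_map( 'intval', explode( ',', $container_ids ) ) );
    if ( empty( $ids ) ) {
        return null; // nothing valid to query; caller treats this as "no galleries"
    }
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = "SELECT * FROM {$wpdb->prefix}example_galleries"
         . " WHERE gid IN ({$placeholders}) AND type = %s";
    // $wpdb->prepare() accepts the argument list as an array.
    return $wpdb->prepare( $sql, array_merge( array_values( $ids ), array( 'tagcloud' ) ) );
}
```

When reviewing a plugin for this class of bug, the thing to look for is any variable interpolated into the first argument of `$wpdb->prepare()` (or passed to `$wpdb->query()` / `$wpdb->get_results()` without `prepare()` at all).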

Offline Kelly Ling

  • Sr. Member
  • Posts: 301
Re: Malware in a WordPress Plugin
« Reply #1 on: March 30, 2017, 09:39:25 PM »
Thanks for sharing this. I have several sites that I need to get updated.

Kelly Ling

Offline Mark Austin

  • Admin
  • Posts: 7,962
  • Life is like photography. Use negatives to develop
Re: Malware in a WordPress Plugin
« Reply #2 on: March 31, 2017, 11:19:12 AM »
Thanks for the info Bernie. It's good to know!

“Keep away from people who try to belittle your ambitions. Small people always do that,
but the really great makes you feel that you, too, can become great.”
~ Mark Twain

Offline AlanUK

  • Jr. Member
  • Posts: 34
Re: Malware in a WordPress Plugin
« Reply #3 on: March 31, 2017, 01:22:41 PM »
Wow! Nice share.

I've often been concerned about Plugins for WP and how people could hide lines of code that could do harm to your site.

Unfortunately I have to trust the plugin as I wouldn't know what to look for in terms of dodgy code.

Out of interest does anybody know if it's a costly exercise to check code in a Plugin?