A popular WordPress gallery plugin with more than one million active installations was recently patched to address a vulnerability. The NextGEN Gallery is a photo gallery management system used by professional photographers and artists upload, sort and group galleries. The vulnerability allows an unauthenticated user to grab data from the victim s website database, including sensitive user information, researcher Slavco Mihajloski said. An attacker would need to abuse a $container_ids string in order to trigger the exploit. WordPress plugins have been a source of security angst for the content management system.
Source: https://threatpost.com/million-plus-wordpress-sites-exposed-by-vulnerable-plugin/123983/