Tim Allen on 2 Sep 2015 10:18:43 -0700

[PLUG] WordPress Plugin Security Update

Good afternoon,

Since there seems to be a fair amount of WordPress usage here, and NextGEN Gallery is a very popular plugin (I use it on my site), I figured I'd pass this along. I was already on 2.1.9, but I figured many were not.




At WP Engine we take security very seriously and we make every effort to keep our customers aware of any potential issues.

Since we identified your site (xxxxx) as having the vulnerable version of NextGEN Gallery installed in the last 24-48 hours, we would like to draw your attention to an important security issue that exists within this plugin.

The plugin is vulnerable to modification in the file path for post requests.

Due to the severity of this exploit, we strongly recommend you update your plugin to the latest version, 2.1.9. Please make sure to run a backup of your database first, which you can learn how to do here in an article: http://wpengine.com/support/restore/ or here in an interactive walkthrough: https://my.wpengine.com/dashboard/?walkthrough_id=2278

If you have any questions about updating your plugin or performing a backup please feel free to reach out to our Support team at any time!

-WP Engine Security Team

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug