A SQL injection vulnerability exists in the Imagely NextGEN Gallery plugin before 3.2.11 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php.
Recent assessments:
zeroSteiner at January 10, 2020 10:05pm UTC reported:
The SQL injection vulnerability is boolean-based blind. Exploitation is relatively simple, but the attacker needs to be able to authenticate to WordPress and possess the privileges to create a new post to attach the vulnerable widget.
Assessed Attacker Value: 3
Assessed Attacker Value: 4