From: Sucuri Team
Reply-To: info@sucuri.net
To: mail@dorianvasco.de
Subject: ***SPAM*** Vulnerability Alert - NextGEN Gallery SQL Injection
Date: Mon, 27 Feb 2017 19:16:51 +0000 (UTC)

Update NextGEN Gallery to 2.1.79 immediately to protect your site.

SQLi Vulnerability in NextGEN Gallery Plugin (https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html)

There is a new SQL injection vulnerability impacting sites using the NextGEN Gallery plugin.

We urge you to update NextGEN Gallery to version 2.1.79 immediately!

NextGEN is one of the few plugins with over a million active installs according to the official WordPress repository. It is one of the most popular plugins for WordPress and as such, it is important to spread awareness about this vulnerability to ensure as many sites as possible are protected.

This vulnerability can be exploited by attackers in at least two different scenarios:

- If you use NextGEN Basic TagCloud gallery on your site, or
- If you allow Contributors to submit posts to be reviewed.

On the plugin page, NextGEN reports they have 16.5 million downloads, with 1.5 million new installations per year.

Update to NextGEN Gallery 2.1.79 to protect your WordPress website!

If you use this plugin, update as soon as possible. If you can't update, please leverage a website firewall (https://sucuri.net/website-firewall/) solution to virtually patch the security hole and keep your site safe.

Due to the severity of this vulnerability, we expect there to be large scale compromises. It is imperative that you take steps to secure your WordPress site against the issue.

Read More About The Vulnerability (https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html)

Websites behind the Sucuri Firewall are protected against this threat via Virtual Hardening / Patching.

This email does not mean you are affected!

Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it’s important to research and report on all potential threats as quickly as possible.

Sincerely,
- Your Sucuri Security Team

Sucuri Security
30141 Antelope RD
Menifee, CA 92584
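A version audit for the update advice above, as an added example that is not part of the original alert or of any Sucuri or NextGEN code: it walks a directory of WordPress docroots, reads the plugin's `Version:` header and flags installs older than 2.1.79. The `nextgen-gallery` directory name, the `wp-content/plugins` layout and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = "2.1.79"             # fixed release named in the alert
SLUG = "nextgen-gallery"     # assumption: the plugin's directory name
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

def parse_version(text):
    """'2.1.100' -> (2, 1, 100), so versions compare numerically, not as strings."""
    nums = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in nums.group().split(".")) if nums else ()

def installed_version(plugin_dir):
    """Read the Version header from the first 8 KB of the plugin's main file."""
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if "Plugin Name:" in head:
            m = VERSION_RE.search(head)
            return m.group(1) if m else None
    return None

def audit(root):
    """Return {site_name: (version, status)} for every install found under root."""
    report = {}
    for plugin_dir in sorted(Path(root).glob(f"**/wp-content/plugins/{SLUG}")):
        version = installed_version(plugin_dir)
        if version is None:
            status = "unknown"   # no readable header: check this site by hand
        else:
            status = "vulnerable" if parse_version(version) < parse_version(FIXED) else "patched"
        report[plugin_dir.parents[2].name] = (version, status)
    return report

def build_sample_tree(versions):
    """Constructed sample: one fake WordPress docroot per (site, version) pair."""
    root = Path(tempfile.mkdtemp())
    for site, version in versions.items():
        d = root / site / "wp-content" / "plugins" / SLUG
        d.mkdir(parents=True)
        header = f" * Version: {version}\n" if version else ""
        (d / "main.php").write_text(f"<?php\n/**\n * Plugin Name: NextGEN Gallery\n{header} */\n")
    return root

if __name__ == "__main__":
    tree = build_sample_tree({"old": "2.1.77", "fixed": "2.1.79", "newer": "2.1.100"})
    for site, (version, status) in audit(tree).items():
        print(f"{site}: {version} -> {status}")
```

An unparseable version string is reported as vulnerable, so an unexpected header is reviewed rather than silently passed.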