MyGallery Plugin for WordPress

If you are using the myGallery plugin for WordPress to display your pictures, please follow the link above and update your plugin to the latest version. A pretty serious remote code execution vulnerability in the plugin has been found and disclosed and there have been scattered reports of hack attempts.
may gallery
I’d recommend people subscribe to the Milw0rm RSS of latest exploits, even if people aren’t interested in hacking/security stuff. It’s a good way of getting a heads up on what the script kiddies are going to target next. The my gallery exploit was posted a couple of days ago.
Thanks for the tip!
Nice since I didn’t get anything from the plugin author although I am subscribed to the comments on his main plugin description…
BTW, any details on this vulnerability? Anything in particular we should look for to make sure our sites weren’t compromised?
(I don’t need details on how to carry out the exploit, just what type of behavior the vulnerability allows)
ttancm, I tried to stay away from describing the vulnerability here. Just search on Google for myplugin vulnerability and you should find lots of resources.
Thanks for this heads up! One of my sites, radiozoom.net, went down after a mygallery problem showed up. Couldn’t even get into the front page. I removed the plugin physically in case this was the problem, and apparently it was. Will update ASAP.
Please update also wordTube, wp-table and myFlash. I have a similar problem in these plugins. All versions at wordpress.org and on my homepage are now safe… Sorry for the problems.
Mark,
Definitely understandable, sort of mute anyway since as far as I can tell the exploit lets them do pretty much anything they want.
mute = moot =P