Security Bulletin for Admins running CGM from CodeCanyon

While I realize this isn't a CodeCanyon forum, I also know we have a lot of bleed over into that community. A few hours ago, an exploit that allows arbitrary file uploads to WordPress was published, using Complete Gallery Manager as the vessel.

http://www.exploit-db.com/exploits/28377/

If you or your client are running CGM, you should be especially careful over the next few days. Most clients will refuse to take their galleries offline during this period of increased vulnerability so it is UP TO YOU to watch your files and ensure nothing shows up that you didn't put there.

This should also serve as a reminder that every plugin you install reduces the inherent security of your site. While plugins aren't bad, it is important not to to like gop.com has and boot in 250+ of them (ahem, 56 of which are vulnerable at my last count).

Know what is on your server, only install plugins from reputable authors, and know that even when you are using something as well crafted as CGM, it still increases your attack profile to a hacker.

Stay safe out there --