There is currently a zero day SQL injection vulnerability in the WordPress Video Gallery plugin.
If you are using this plugin, please disable and remove it from your site immediately. The vulnerability allows a remote attacker to download every database that your WordPress system uses or has access to and may allow database modification.
According to sources, the plugin still has not been updated by the vendor. Because this is being exploited actively and the vendor has been notified, we are now publicly disclosing the existence of this vulnerability.
The vulnerability allows an attacker to download all databases that your WordPress system has access to. We have verified this in our lab by exploiting one of our internal systems with the newest version of this plugin installed.