Title: Security issue Last modified: August 30, 2016 --- # Security issue * Resolved [Komenda1](https://wordpress.org/support/users/komenda1/) * (@komenda1) * [10 years, 8 months ago](https://wordpress.org/support/topic/security-issue-57/) * Our site komenda1.skavt.net recently had enormous amount of “attacks” to specific file: xmlprc.php in NextGen plugin directory. It created a 30GB log file in a week or so. Here it is a quick preview of a log file: * > [Thu Oct 08 11:58:10.706838 2015] [:error] [pid 21669] [client 66.249.64.213: > 53632] PHP Warning: Illegal string offset ‘saved’ in /srv/htdocs/users.skavt. > net/komenda1/www/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/ > modules/nextgen_data/package.module.nextgen_data.php on line 2486 > [Thu Oct > 08 11:58:10.707035 2015] [:error] [pid 21669] [client 66.249.64.213:53632] > PHP Warning: Illegal string offset ‘saved’ in /srv/htdocs/users.skavt.net/komenda1/ > www/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ > nextgen_data/package.module.nextgen_data.php on line 2486 [Thu Oct 08 11:58: > 10.707064 2015] [:error] [pid 21669] [client 66.249.64.213:53632] PHP Warning: > Illegal string offset ‘saved’ in /srv/htdocs/users.skavt.net/komenda1/www/wp- > content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_data/ > package.module.nextgen_data.php on line 2486 [Thu Oct 08 11:58:10.707085 2015][: > error] [pid 21669] [client 66.249.64.213:53632] PHP Warning: Illegal string > offset ‘saved’ in /srv/htdocs/users.skavt.net/komenda1/www/wp-content/plugins/ > nextgen-gallery/products/photocrati_nextgen/modules/nextgen_data/package.module. > nextgen_data.php on line 2486 > and so on… > [Thu Oct 08 12:35:29.989510 2015] [:error] [pid 28127] [client > 194.0.59.55:41636] PHP Warning: Illegal string offset ‘saved’ in /srv/htdocs/ > users.skavt.net/komenda1/www/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/ > modules/nextgen_data/package.module.nextgen_data.php on line 2486 [Thu Oct > 08 12:35:29.989525 2015] [:error] [pid 28127] [client 194.0.59.55:41636] PHP > Warning: Illegal string offset ‘saved’ in /srv/htdocs/users.skavt.net/komenda1/ > www/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ > nextgen_data/package.module.nextgen_data.php on line 2486 > and so on… * Our tehnical support found out, that it is something wrong with file in: /wp- content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_data/ package.module.nextgen_data.php since we were not the only one with this kind of problem. They said they fixed a problem, bit it will be overwritten with next NextGen plugin update. Here is what they did: file: komenda1/www/wp-content/plugins/ nextgen-gallery/products/photocrati_nextgen/modules/nextgen_data/package.module. nextgen_data.php line: 2485 before fix: `if (i!isset($meta['saved'])) {` after fix: `if (is_array($meta) && !isset($meta['saved'])) {` * They said it is something with array checking. I am not familiar with this kind of stuff, so there is everything I can tell you. Before we hard-coded this, we tried disabling/updating all other plugins and changing user passwords(we only have two users). No success. * Please, can someone check this issue, there is a way that our site will be disabled if we don’t figure it out. Thanks * [https://wordpress.org/plugins/nextgen-gallery/](https://wordpress.org/plugins/nextgen-gallery/) Viewing 12 replies - 1 through 12 (of 12 total) * Plugin Contributor [photocrati](https://wordpress.org/support/users/photocrati/) * (@photocrati) * [10 years, 8 months ago](https://wordpress.org/support/topic/security-issue-57/#post-6647074) * [@komenda1](https://wordpress.org/support/users/komenda1/) – Thanks for letting us know about this … I’ll have our developers review it as soon as possible. * – Cais. * Plugin Contributor [photocrati](https://wordpress.org/support/users/photocrati/) * (@photocrati) * [10 years, 8 months ago](https://wordpress.org/support/topic/security-issue-57/#post-6647254) * [@komenda1](https://wordpress.org/support/users/komenda1/) – PS: Are you using the Lightroom plugin for NextGEN Gallery to upload your images? * – Cais. * Thread Starter [Komenda1](https://wordpress.org/support/users/komenda1/) * (@komenda1) * [10 years, 8 months ago](https://wordpress.org/support/topic/security-issue-57/#post-6647284) * [@photocrati](https://wordpress.org/support/users/photocrati/) No. We have four plugins: **Subscribe2 Really Simple Share NextGEN Gallery by Photocrati and BMo Expo – a WordPress and NextGEN Gallery plugin While searching for the cause of this problem, the last (BMo Expo) and all other plugins were disabled, so I am sure it is NextGEN. * I upload photos/galleries with default NextGEN plugin interface. Sometimes I use FTP, but mostly just “Upload Images” or “Import Folder”. * – There are only two users with new passwords. – Commenting is disabled. * Thank you for your help, hope we will solve this issue. * Plugin Contributor [photocrati](https://wordpress.org/support/users/photocrati/) * (@photocrati) * [10 years, 8 months ago](https://wordpress.org/support/topic/security-issue-57/#post-6647295) * [@komenda1](https://wordpress.org/support/users/komenda1/) – We are reviewing this but what you are reporting is *not* a security issue but an error message issue. * Thanks for the update! * – Cais. * Thread Starter [Komenda1](https://wordpress.org/support/users/komenda1/) * (@komenda1) * [10 years, 8 months ago](https://wordpress.org/support/topic/security-issue-57/#post-6647301) * [@photocrati](https://wordpress.org/support/users/photocrati/) * Ok, good, let me know, hope you can manage to discover the problem. * As I said, I’m not an expert so I can’t say what it is or why it is. But, I need to write something on topic title, so this seemed the closest title to what I knew. * Thanks, Domen. * Plugin Contributor [photocrati](https://wordpress.org/support/users/photocrati/) * (@photocrati) * [10 years, 7 months ago](https://wordpress.org/support/topic/security-issue-57/#post-6647342) * [@komenda1](https://wordpress.org/support/users/komenda1/) – Thanks, we should have this sorted out in the next release of NextGEN Gallery. * – Cais. * Thread Starter [Komenda1](https://wordpress.org/support/users/komenda1/) * (@komenda1) * [10 years, 7 months ago](https://wordpress.org/support/topic/security-issue-57/#post-6647350) * Thank you! * Plugin Contributor [photocrati](https://wordpress.org/support/users/photocrati/) * (@photocrati) * [10 years, 7 months ago](https://wordpress.org/support/topic/security-issue-57/#post-6647353) * [@komenda1](https://wordpress.org/support/users/komenda1/) – You’re welcome! * – Cais. * Thread Starter [Komenda1](https://wordpress.org/support/users/komenda1/) * (@komenda1) * [9 years, 9 months ago](https://wordpress.org/support/topic/security-issue-57/#post-8183988) * Hello. Again me, same problem: error on server side: _PHP Warning: Illegal string offset ‘saved’ in …/www/wp-content/plugins/nextgen-gallery/products/photocrati\ _nextgen/modules/nextgen\_data/package.module.nextgen\_data.php on line 2543″_ * I’m not a programmer si I don’t know, but our technical support did say something about checking property existance and accesing them, but that is not a thing I can help. * I’ve had this same problem a couple of times meanwhile. So, I am using your free version of plugin, meaning I understand I can’t really “make any terms”, but if this errors keep showing on, I will have to unninstal this plugin from my pages. I know it is just 6 pages less for you, but still, I would rather have simpler and more reliable plugin. * Hope you manage to fix this really soon, our site is partially down in the meantime. Thanks, Domen. * Plugin Contributor [photocrati](https://wordpress.org/support/users/photocrati/) * (@photocrati) * [9 years, 9 months ago](https://wordpress.org/support/topic/security-issue-57/#post-8190528) * [@komenda1](https://wordpress.org/support/users/komenda1/) – If this issue is persisting then it may be best to send us a Bug Report (([https://imagely.com/report-bug/](https://imagely.com/report-bug/)… please reference this topic)) so we can have a closer look at your site. * Please include as many details as you can about your site and the issue at hand so we can move on this as fast as possible. * Thanks! * – Cais. * Thread Starter [Komenda1](https://wordpress.org/support/users/komenda1/) * (@komenda1) * [9 years, 8 months ago](https://wordpress.org/support/topic/security-issue-57/#post-8191890) * Done. * Plugin Contributor [photocrati](https://wordpress.org/support/users/photocrati/) * (@photocrati) * [9 years, 8 months ago](https://wordpress.org/support/topic/security-issue-57/#post-8198445) * [@komenda1](https://wordpress.org/support/users/komenda1/) – Thanks! I have sent a reply earlier today. Let’s keep the conversation in the Bug Report for the time being. * – Cais. Viewing 12 replies - 1 through 12 (of 12 total) The topic ‘Security issue’ is closed to new replies. * ![](https://ps.w.org/nextgen-gallery/assets/icon-256x256.png?rev=2083961) * [Photo Gallery, Sliders, Proofing and Themes - NextGEN Gallery](https://wordpress.org/plugins/nextgen-gallery/) * [Frequently Asked Questions](https://wordpress.org/plugins/nextgen-gallery/#faq) * [Support Threads](https://wordpress.org/support/plugin/nextgen-gallery/) * [Active Topics](https://wordpress.org/support/plugin/nextgen-gallery/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/nextgen-gallery/unresolved/) * [Reviews](https://wordpress.org/support/plugin/nextgen-gallery/reviews/) ## Tags * [array](https://wordpress.org/support/topic-tag/array/) * 12 replies * 2 participants * Last reply from: [photocrati](https://wordpress.org/support/users/photocrati/) * Last activity: [9 years, 8 months ago](https://wordpress.org/support/topic/security-issue-57/#post-8198445) * Status: resolved