An updated version has already been released and anyone using this plugin should immediately update their plugin or disable until such time as they can update....we discovered a severe SQL Injection vulnerability. This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive user information.
https://blog.sucuri.net/2017/02/sql-inj ... press.html
Additional Information is available here:
https://wordpress.org/plugins/nextgen-gallery/