Update This Popular WordPress Plugin Right Away, Thousands Of Users Warn

Several serious vulnerabilities have been addressed in the popular NextGEN Gallery WordPress plugin, which has an active install base of over 800,000 sites. As the Wordfence Threat Intelligence security team discovered, earlier versions of the image-gallery plugin suffered from two Cross-Site Request Forgery (CSRF) vulnerabilities that opened the door to full website takeover. The researchers rated one vulnerability high severity and the other critical, because the critical one could be chained into cross-site scripting (XSS) and remote code execution (RCE).

Exploitation of the WordPress plugin

To exploit the vulnerable plugin, an attacker would have to trick a logged-in WordPress administrator into opening a malicious link in their browser, for example through a phishing email. If that succeeds, the attacker could plant malicious redirects or phishing pages and ultimately do whatever they want with the compromised website. "This attack would likely require some degree of social engineering... Also, performing these actions would require two separate queries, although this is straightforward to implement," Wordfence explained in a blog post.

NextGEN Gallery's developers released a fix for both bugs in December, but only around 300,000 sites have installed the update so far, leaving more than 500,000 websites exposed. All NextGEN Gallery users are advised to update to the latest version immediately to protect against attacks.
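The attack described above works because a WordPress admin handler honours any request that arrives with the administrator's session cookies, which the browser attaches automatically even when the request originates from an attacker's page. The following is an added illustration of that bug class and its fix, written for this article; it is not NextGEN Gallery's code, and the hook name `demo_gallery_save`, the option `demo_gallery_template` and the form field `template` are hypothetical.

```php
<?php
/**
 * Added example, not code from NextGEN Gallery or Wordfence.
 * A WordPress admin form handler with no CSRF protection, beside the
 * hardened version. All names (demo_gallery_*, 'template') are hypothetical.
 */

// --- VULNERABLE ---
// admin-post.php routes ?action=demo_gallery_save_vulnerable to this hook for
// any logged-in user. A link such as
//   /wp-admin/admin-post.php?action=demo_gallery_save_vulnerable&template=<payload>
// opened by an administrator (or a form auto-submitted from attacker.example)
// is accepted: there is no nonce, no capability check, and the value is stored
// unsanitized for whichever plugin code later renders or executes it.
function demo_gallery_save_vulnerable() {
    update_option( 'demo_gallery_template', $_REQUEST['template'] );
    wp_safe_redirect( admin_url( 'admin.php?page=demo-gallery' ) );
    exit;
}
add_action( 'admin_post_demo_gallery_save_vulnerable', 'demo_gallery_save_vulnerable' );

// --- HARDENED ---
// 1. The settings form carries a nonce bound to the current user and the
//    action name. A cross-origin page cannot read it, so it cannot forge a
//    request that passes the check below.
function demo_gallery_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'demo_gallery_save', '_demo_gallery_nonce' ); ?>
        <input type="hidden" name="action" value="demo_gallery_save">
        <input type="text" name="template"
               value="<?php echo esc_attr( get_option( 'demo_gallery_template', '' ) ); ?>">
        <button type="submit">Save</button>
    </form>
    <?php
}

// 2. Check capability AND nonce before touching state, then sanitize input.
//    A capability check alone does not stop CSRF: the forged request is made
//    by the administrator's own browser, so it already has the capability.
function demo_gallery_save_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() calls wp_die() when the nonce is missing or invalid.
    check_admin_referer( 'demo_gallery_save', '_demo_gallery_nonce' );

    $template = isset( $_POST['template'] )
        ? sanitize_text_field( wp_unslash( $_POST['template'] ) )
        : '';
    update_option( 'demo_gallery_template', $template );

    wp_safe_redirect( admin_url( 'admin.php?page=demo-gallery' ) );
    exit;
}
add_action( 'admin_post_demo_gallery_save', 'demo_gallery_save_hardened' );
```

The nonce is the part that actually defeats CSRF: WordPress derives it from the user ID, session token and action name and validates it server-side, so an attacker who cannot read responses from the victim's origin has no way to obtain it. When auditing a plugin for this class of bug, look for `admin_post_*`, `wp_ajax_*` and `admin_init` handlers that call `update_option()`, write files or change settings without a preceding `check_admin_referer()` or `wp_verify_nonce()` call; the sanitization step matters separately, because a stored value that later lands in HTML or in an included PHP file is what turns a forged settings change into XSS or RCE.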