Photo Gallery by 10Web – Mobile-Friendly Image Gallery Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG & Path Traversal via esc_dir Function – CVE-2024-5426, CVE-2024-5481 | WordPress Plugin Vulnerability Report
Plugin Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery
Key Information:
- Software Type: Plugin
- Software Slug: photo-gallery
- Software Status: Active
- Software Author: 10Web
- Software Downloads: 18,052,863
- Active Installs: 200,000
- Last Updated: June 19, 2024
- Patched Versions: 1.8.24
- Affected Versions: <= 1.8.23
Vulnerability 1 Details:
- Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23
- Title: Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
- CVE: CVE-2024-5426
- CVSS Score: 6.4
- Publicly Published: June 6, 2024
- Researcher: Tobias Weißhaar (kun_19)
- Description: The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'svg' parameter in all versions up to and including 1.8.23, because SVG content delivered inside an uploaded ZIP archive is not sufficiently sanitized or escaped. An authenticated attacker with contributor-level access or higher can store an SVG that carries script (an inline script element, an on* event-handler attribute or a javascript: URL). That script runs in the browser of any user who views the affected page or file, an administrator included, which can lead to session theft or to actions performed with that user's privileges.
- References: Wordfence Advisory
Vulnerability 2 Details:
- Name: Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.23
- Title: Authenticated (Contributor+) Path Traversal via esc_dir Function
- CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
- CVE: CVE-2024-5481
- CVSS Score: 6.8
- Publicly Published: June 6, 2024
- Researcher: Tobias Weißhaar (kun_19)
- Description: The Photo Gallery by 10Web plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 1.8.23 via the esc_dir function, the helper the plugin uses to clean directory paths before file operations. Because it does not fully neutralize traversal sequences, a user-controlled path can still resolve outside the intended directory. An authenticated attacker with contributor-level access or higher can use this to read the contents of arbitrary files on the server (which may hold sensitive information such as database credentials) and to delete directories, leading to data exposure or loss of site availability. The CVSS vector rates attack complexity as high, which is why the score is 6.8 despite high confidentiality and availability impact.
- References: Wordfence Advisory
Summary:
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress has vulnerabilities in versions up to and including 1.8.23 that allow authenticated attackers to perform Stored Cross-Site Scripting (XSS) and Path Traversal attacks. These vulnerabilities have been patched in version 1.8.24.
Detailed Overview:
Both vulnerabilities stem from insufficient input handling in the plugin's codebase: SVG content arriving through a ZIP upload is not sanitized or escaped before it is stored and served, and the esc_dir helper does not fully neutralize directory-traversal sequences in file paths. An authenticated attacker with contributor-level permissions or higher can exploit the first to plant script that runs in other users' browsers and the second to read files or delete directories outside the gallery's upload area, compromising site confidentiality, integrity and availability.
Advice for Users:
- Immediate Action: Update the Photo Gallery by 10Web plugin to version 1.8.24 or later. Note that the update fixes upload and path handling going forward only; SVG files uploaded while the site ran a vulnerable version remain on disk and are still served, so they must be reviewed or removed separately.
- Check for Signs of Exploitation: Inspect the plugin's upload directory (by default wp-content/uploads/photo-gallery) and any recently uploaded ZIP archives for SVG files containing script elements, on* event-handler attributes or javascript: URLs. Review web server access logs for requests from contributor-level accounts that carry ../ sequences in path parameters, and check for unexpected file reads or missing directories. Audit which accounts hold the Contributor role, since both issues require at least that level of access.
- Alternate Plugins and Mitigation: If you cannot update immediately, deactivate the plugin until you can, restrict who holds the Contributor role in the meantime, or consider an alternative gallery plugin.
- Stay Updated: Regularly update all WordPress plugins to their latest versions to close known vulnerabilities and maintain ongoing site security.
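As an added example for the checks above (written for this report, not code from 10Web or the plugin), the following Python scanner takes a ZIP archive of the kind a contributor would upload to the gallery, identifies every entry that is SVG by extension or by content, and reports active-content markers together with entry names that would escape the extraction directory. The archive it scans is constructed inline; the marker list and the size cap are assumptions of this example rather than anything the plugin defines.

```python
import gzip
import io
import re
import zipfile

# Markers of active content in SVG.  SVG is XML, so a case-insensitive byte
# regex is adequate for an audit pass: inline <script>, on* event-handler
# attributes, javascript: URLs and <foreignObject> (which can embed HTML).
ACTIVE_CONTENT = re.compile(
    rb"<\s*script\b|\bon[a-z]+\s*=|javascript\s*:|<\s*foreignObject\b",
    re.IGNORECASE,
)
SVG_SUFFIXES = (".svg", ".svgz")          # .svgz is gzip-compressed SVG
MAX_ENTRY_BYTES = 5 * 1024 * 1024         # assumed cap; refuse to inflate more


def looks_like_svg(data: bytes) -> bool:
    """Detect SVG by content: an SVG body behind a .png name is still SVG."""
    return b"<svg" in data[:1024].lower()


def svg_findings(data: bytes) -> list:
    """Distinct active-content markers in an SVG body, whitespace-normalized."""
    return sorted({re.sub(rb"\s+", b"", m).decode("latin-1").lower()
                   for m in ACTIVE_CONTENT.findall(data)})


def unsafe_entry_name(name: str) -> bool:
    """Entry names that would land outside the extraction directory."""
    return name.startswith("/") or "\\" in name or ".." in name.split("/")


def scan_entry(name: str, data: bytes) -> dict:
    lower = name.lower()
    if lower.endswith(".svgz"):
        data = gzip.decompress(data)
    is_svg = lower.endswith(SVG_SUFFIXES) or looks_like_svg(data)
    return {
        "svg": is_svg,
        "findings": svg_findings(data) if is_svg else [],
        "unsafe_name": unsafe_entry_name(name),
    }


def scan_zip(zip_bytes: bytes) -> dict:
    """Scan every file entry of an in-memory ZIP and return a per-entry report."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_ENTRY_BYTES:
                report[info.filename] = {"svg": False, "findings": ["entry too large"],
                                         "unsafe_name": unsafe_entry_name(info.filename)}
                continue
            report[info.filename] = scan_entry(info.filename, zf.read(info))
    return report


def flagged(report: dict) -> list:
    """Names of entries that carry active SVG content or an unsafe path."""
    return sorted(n for n, r in report.items() if r["findings"] or r["unsafe_name"])


def build_sample_zip() -> bytes:
    """Constructed sample archive (not a real upload): one clean SVG, one with
    a script and an onload handler, one SVG disguised as a PNG, a compressed
    .svgz copy of the hostile file, a JPEG header and a zip-slip entry name."""
    clean = (b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg" '
             b'width="10" height="10"><circle cx="5" cy="5" r="4"/></svg>')
    hostile = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.cookie)">'
               b'<script>fetch("/wp-admin/")</script></svg>')
    disguised = (b'<svg xmlns="http://www.w3.org/2000/svg"><a href="javascript:alert(1)">'
                 b'<text y="10">x</text></a></svg>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("gallery/logo.svg", clean)
        zf.writestr("gallery/promo.svg", hostile)
        zf.writestr("gallery/banner.png", disguised)           # SVG bytes, PNG name
        zf.writestr("gallery/icon.svgz", gzip.compress(hostile))
        zf.writestr("gallery/photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("../../evil.svg", hostile)                 # escapes on naive extract
    return buf.getvalue()


if __name__ == "__main__":
    for name in flagged(scan_zip(build_sample_zip())):
        print(name)
```

Run the same scan_entry logic over the files already on disk in the upload directory, not only over new archives. A hit does not prove exploitation, but an SVG that carries script has no place in a gallery and should be removed. For files the scan misses, serving SVG responses with a restrictive Content-Security-Policy (for example script-src 'none') or with Content-Disposition: attachment stops the browser from executing the script.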
Conclusion:
The proactive response by 10Web in releasing version 1.8.24 promptly addresses the identified vulnerabilities, underscoring the importance of timely updates in maintaining WordPress site security. Users are strongly advised to update to version 1.8.24 or newer to protect their WordPress installations from potential exploits.
Detailed Report:
Two vulnerabilities have been disclosed in the Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin. CVE-2024-5426 and CVE-2024-5481 allow authenticated attackers with contributor-level access or higher to store script that runs in other users' browsers and to manipulate server file paths. Both were addressed with the release of version 1.8.24 on June 19, 2024, and all users should update promptly.
Plugin Details:
Photo Gallery by 10Web is a popular plugin with over 200,000 active installations and millions of downloads. Developed by 10Web, it provides a user-friendly interface for creating mobile-friendly image galleries, making it a valuable tool for WordPress users seeking to showcase visual content.
Vulnerability Details:
- CVE-2024-5426 - Authenticated (Contributor+) Stored Cross-Site Scripting via Zipped SVG: an authenticated attacker with contributor-level access or higher can store script in an SVG file delivered through a ZIP upload (the 'svg' parameter). The script runs in the browser of any user who views the affected page, so an administrator viewing the gallery can be made to leak session data or perform actions without intending to.
- CVE-2024-5481 - Authenticated (Contributor+) Path Traversal via esc_dir Function: because esc_dir does not fully neutralize traversal sequences, an authenticated attacker with contributor-level access or higher can supply file paths that resolve outside the intended directory, reading sensitive files and deleting critical directories, including content under the WordPress root directory.
Risks and Potential Impacts:
The exploitation of these vulnerabilities could result in severe consequences, such as data theft, site defacement, or operational disruptions. For small business owners relying on their WordPress site for online presence and operations, these risks underscore the importance of immediate action and proactive security measures.
Previous Vulnerabilities:
Since May 7, 2014, there have been 50 known vulnerabilities affecting Photo Gallery by 10Web. This history highlights the ongoing efforts needed to secure WordPress plugins against evolving cyber threats.
Importance of Staying on Top of Security Vulnerabilities:
The proactive release of version 1.8.24 by 10Web emphasizes the critical role of timely updates in safeguarding WordPress sites. For small business owners, investing in cybersecurity measures and staying informed about vulnerabilities not only protects their digital assets but also maintains customer trust and operational continuity.
Staying Secure:
Staying on top of WordPress security can feel overwhelming for small business owners without dedicated IT staff. At Your WP Guy, we exist to shoulder that burden for you. Our WordPress experts can fully audit, secure, maintain and support your site - so you can focus on growing your business with peace of mind.
Don't tackle security risks alone. Let us help you assess any impact from this vulnerability, update your plugins, and implement ongoing maintenance to avoid future threats. We treat your website like it's our own - because we know how critical it is for reaching your customers.
Get in touch for a free consultation today on making WordPress security stress-free. Call 678-995-5169 or book a call here. Our knowledgeable team is ready to help you safeguard your online presence.