Question 1

What is the vulnerability in Photo Gallery by 10Web?

Accepted Answer

What is the vulnerability in Photo Gallery by 10Web?

The Photo Gallery plugin by 10Web has a path traversal vulnerability that was discovered in versions up to and including 1.8.19. This vulnerability allows authenticated users, like admins, to exploit the rename_item function to rename arbitrary files outside of the intended photo gallery directory on the server. For example, attackers could rename key WordPress files and take over sites.

Question 2

How severe is this Photo Gallery plugin vulnerability?

Accepted Answer

How severe is this Photo Gallery plugin vulnerability?

This vulnerability is considered critical severity, with a CVSS base score of 9.1 out of 10. The ability of authenticated users to traverse directories and rename sensitive files enables serious impacts like malware injection, data theft, and full site takeovers by renaming wp-config.php in the root directory of the WordPress site. The ease of exploiting this vulnerability contributes to the high severity assessment.

Question 3

What versions of the Photo Gallery plugin are affected?

Accepted Answer

What versions of the Photo Gallery plugin are affected?

All versions of Photo Gallery by 10Web up to and including 1.8.19 contain this vulnerability and should be updated immediately. The issue is fixed in version 1.8.20, which was released after the vulnerability was reported privately to 10Web by the security researcher Bence Szalai. So upgrading sites to 1.8.20 resolves the vulnerability.

Question 4

How can I tell if my WordPress site is vulnerable?

Accepted Answer

How can I tell if my WordPress site is vulnerable?

If your WordPress site has the Photo Gallery plugin by 10Web active, you can check which version is installed by going to Plugins > Installed Plugins within your WordPress dashboard. If the version listed is 1.8.19 or below, your site is impacted and should be updated to close this security flaw. You can also use available WordPress vulnerability scanners to automatically detect if your active plugins contain any published vulnerabilities.

Question 5

Is there any indication my site has been compromised?

Accepted Answer

Is there any indication my site has been compromised?

If hackers were already able to exploit this vulnerability and modify or rename files within your WordPress installation before you upgrade, there may be signs of compromise. Unexpected new admin accounts, strange database queries, changes to files within wp-admin and wp-includes, and unexpected code snippets inserted throughout are some indicators to look for during your post-update review. Thorough scans using WordPress vulnerability tools can help detect suspected issues.

Question 6

What steps should I take to update and secure my site?

Accepted Answer

What steps should I take to update and secure my site?

First, log into your WordPress dashboard and update Photo Gallery by 10Web to version 1.8.20 within the update mechanism for Plugins. Next conduct a review for any signs of compromise already mentioned. Consider switching gallery plugins as an extra precaution, using options without known vulnerabilities currently. Make sure you have automated background updates enabled for WordPress core, plugins and themes so any future fixes can be applied promptly.

Question 7

Can vulnerabilities like this lead to impacts beyond my own site being hacked?

Accepted Answer

Can vulnerabilities like this lead to impacts beyond my own site being hacked?

Yes, vulnerabilities within widely-used plugins have far-reaching implications beyond just the security of your own website. Since flawed plugins are installed across hundreds of thousands of sites, they pose aggregate risks to the broader internet and provide efficient vectors for large scale attacks. Hackers often rapidly weaponize dangerous plugin flaws into global threats within days - which underscores why timely patching is so essential not just for your own site protection but for limiting the wider-spread damage.

Question 8

Why do plugins tend to have frequent vulnerabilities like this?

Accepted Answer

Why do plugins tend to have frequent vulnerabilities like this?

By nature plugins add a lot of complex code and features that expand attack surface area for hackers to probe. Just like any software, bugs and flaws inevitably arise in plugins – especially free plugins maintained by small teams. The challenge is the volume and frequency of plugins used on most WordPress sites creates multiplying risk. Using the essentials, keeping them updated, monitoring for issues and being ready to switch away from problematic plugins are all key for balancing functionality with security for your website.

Question 9

What should I do if I need help evaluating or securing my site?

Accepted Answer

What should I do if I need help evaluating or securing my site?

If after learning about vulnerabilities like this you have concerns about flaws existing on your website, the best thing to do is connect with a trusted WordPress developer or agency to conduct an audit. They can scan for known vulnerabilities, review your plugins and setup, make upgrade and configuration recommendations tuned to your particular site’s security needs, and help ensure you don’t overlook any gaps that could lead to compromise. I’m always happy to offer this assistance as well to any readers with concerns after reading this.

critical vulnerability

Photo Gallery by 10Web Vulnerability – Directory Traversal to Arbitrary File Rename – CVE-2024-0221 | WordPress Plugin Vulnerability Report

Recent Blog Posts

LiteSpeed Cache Vulnerability – Unauthenticated Sensitive Information Exposure via Log Files – CVE-2024-44000 | WordPress Plugin Vulnerability Report

Elementor Addon Elements Vulnerability – Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Parameters – CVE-2024-4401, CVE-2024-7122 | WordPress Plugin Vulnerability Report

The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Vulnerability – Authenticated (Contributor+) Information Disclosure – CVE-2024-7418 | WordPress Plugin Vulnerability Report

Additional Resources

About Your WP Guy