• Resolved gmichaels

    (@gmichaels)


    Got an email today stating that our site is vulnerable because of the following scan that Sitelock performed on our website –

    Severity: High

    Category: csrf

    Summary: NextGEN Gallery Plugin <= 3.28 is vulnerable to Cross Site Request Forgery (CSRF)

    Description: Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.

    Severity: High

    Category: acl violation

    Summary: NextGEN Gallery <= 3.37 - Authenticated (Administrator+) Arbitrary File Read and Deletion in gallery_edit

    Description: The NextGEN Gallery plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in versions up to, and including, 3.37. This is due to insufficient input validation within the gallery_edit function. This makes it possible for authenticated attackers, with administrator-level privileges and above, to read and delete arbitrary files.

    Severity: High

    Category: lfi

    Summary: NextGEN Gallery < 3.39 - Admin+ Local File Inclusion

    Description: The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks

    Severity: Critical

    Category: other

    Summary: WordPress Gallery Plugin – NextGEN Gallery <= 3.38 - Authenticated (Admin+) PHAR Deserialization

    Description: The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 3.38 via deserialization of untrusted input in the gallery_edit function. This makes it possible for authenticated attackers, with administrative-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

    Severity: High

    Category: other

    Summary: WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure

    Description: The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.

    Is there a fix for this?

    • This topic was modified 3 months, 1 week ago by gmichaels.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi @gmichaels,

    Thank you for reaching out!

    It looks like you’ve already contacted us via the support form, and our team has responded to your query. Kindly go through the response and feel free to get back for any additional assistance.

    Thanks!

    Thread Starter gmichaels

    (@gmichaels)

    Severity: High

    Category: csrf

    Summary: NextGEN Gallery Plugin <= 3.28 is vulnerable to Cross Site Request Forgery (CSRF)

    Description: Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.

    Severity: High

    Category: acl violation

    Summary: NextGEN Gallery <= 3.37 - Authenticated (Administrator+) Arbitrary File Read and Deletion in gallery_edit

    Description: The NextGEN Gallery plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in versions up to, and including, 3.37. This is due to insufficient input validation within the gallery_edit function. This makes it possible for authenticated attackers, with administrator-level privileges and above, to read and delete arbitrary files.

    Severity: High

    Category: lfi

    Summary: NextGEN Gallery < 3.39 - Admin+ Local File Inclusion

    Description: The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks

    Severity: Critical

    Category: other

    Summary: WordPress Gallery Plugin – NextGEN Gallery <= 3.38 - Authenticated (Admin+) PHAR Deserialization

    Description: The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 3.38 via deserialization of untrusted input in the gallery_edit function. This makes it possible for authenticated attackers, with administrative-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

    Severity: High

    Category: other

    Summary: WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure

    Description: The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.

    Hi @gmichaels,

    We’re handling this in the tickets you sent to us through our official support channel for the premium version of the plugin.

    Thanks!
