Platform
wordpress
Component
photo-gallery
Fixed in
1.8.20
CVE-2024-0221 is a critical directory traversal vulnerability discovered in the Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress. This flaw allows authenticated attackers to rename arbitrary files on the server, posing a significant risk of site takeover. The vulnerability impacts versions of the plugin up to and including 1.8.19, and a patch is available from the vendor.
The core impact of CVE-2024-0221 lies in the ability of an authenticated attacker to manipulate files on the WordPress server. Specifically, the rename_item function is vulnerable, allowing an attacker to rename any file they have access to. The most severe consequence is the potential for site takeover if the attacker can rename the wp-config.php file, effectively gaining control of the WordPress installation. While by default this is limited to administrators, the premium version allows granting gallery management permissions to lower-level users, significantly expanding the attack surface. This vulnerability shares similarities with other file manipulation vulnerabilities where unauthorized access to configuration files can lead to complete system compromise.
CVE-2024-0221 was publicly disclosed on February 5, 2024. The likelihood of exploitation is considered high because the flaw is easy to exploit and its potential impact is significant. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation. Monitor security advisories and threat intelligence feeds for any indication of active exploitation campaigns targeting this vulnerability.
WordPress websites using the Photo Gallery by 10Web plugin, particularly those running version 1.8.19 or earlier, are at risk. Sites using the premium version of the plugin and granting gallery management permissions to users with limited privileges are at heightened risk of exploitation.
• wordpress / composer / npm: list the active plugin and its installed version (the name column of wp plugin list holds the plugin slug, photo-gallery, not the display title):
wp plugin list --status=active --fields=name,version | grep photo-gallery
• wordpress / composer / npm: confirm that the affected function is present in the installed plugin:
grep -r 'rename_item' /var/www/html/wp-content/plugins/photo-gallery/
• wordpress / composer / npm: update to the patched release:
wp plugin update --all
• generic web: Check the WordPress plugin directory for updates and security advisories related to Photo Gallery by 10Web.
disclosure
Exploit status
EPSS
1.16% (79th percentile)
CVSS vector
The primary mitigation for CVE-2024-0221 is to immediately upgrade the Photo Gallery by 10Web plugin to a version patched against this vulnerability. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider restricting file permissions on the WordPress server to limit the attacker's ability to rename critical files. Implement a Web Application Firewall (WAF) with rules to block attempts to access or manipulate files outside of designated directories. Review user permissions within the plugin, particularly in premium versions, to ensure that only trusted users have gallery management privileges. After upgrade, confirm the fix by attempting to rename a test file outside the intended gallery directory and verifying that the operation is denied.
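As an added example (not the plugin's own code), this is the kind of containment check a file-rename handler needs so that the source resolves inside the gallery directory and the new name cannot carry path segments; the directory layout, file names and function name are assumptions.

```php
<?php
// Added example, not the plugin's code: a rename handler that refuses to
// operate outside a gallery base directory. All paths here are constructed.

function gallery_safe_rename(string $baseDir, string $oldRel, string $newName): bool
{
    $base = realpath($baseDir);
    if ($base === false || strpos($oldRel . $newName, "\0") !== false) {
        return false;
    }
    // realpath() resolves "..", "." and symlinks, so the containment test
    // runs on the canonical path rather than on the caller-supplied string.
    $src = realpath($base . DIRECTORY_SEPARATOR . $oldRel);
    if ($src === false || strpos($src, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false; // missing, or resolves outside the gallery directory
    }
    // The new name must be a bare file name in the same directory: any
    // separator or traversal segment (such as "../wp-config.php") is rejected.
    if ($newName === '' || $newName !== basename($newName)
        || $newName === '.' || $newName === '..') {
        return false;
    }
    $dst = dirname($src) . DIRECTORY_SEPARATOR . $newName;
    if (file_exists($dst)) {
        return false; // never clobber an existing file
    }
    return rename($src, $dst);
}

// Constructed demonstration: a throwaway gallery directory holding one image.
$gallery = sys_get_temp_dir() . '/gallery_demo_' . bin2hex(random_bytes(4));
mkdir($gallery);
file_put_contents($gallery . '/photo.jpg', 'x');

// Traversal in the new name is refused.
var_dump(gallery_safe_rename($gallery, 'photo.jpg', '../wp-config.php'));
// A source outside the gallery is refused even if the file exists.
var_dump(gallery_safe_rename($gallery, '../../etc/hostname', 'photo2.jpg'));
// A plain rename inside the gallery is allowed.
var_dump(gallery_safe_rename($gallery, 'photo.jpg', 'renamed.jpg'));

// Clean up the constructed directory.
@unlink($gallery . '/renamed.jpg');
@unlink($gallery . '/photo.jpg');
rmdir($gallery);
```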
Update the Photo Gallery by 10Web plugin to the latest version. The directory traversal vulnerability was fixed in versions after 1.8.19. This prevents authenticated users from renaming arbitrary files on the server.
CVE-2024-0221 is a critical vulnerability allowing authenticated attackers to rename files on a WordPress server via the Photo Gallery by 10Web plugin, potentially leading to site takeover.
You are affected if your WordPress site uses Photo Gallery by 10Web plugin version 1.8.19 or earlier.
Upgrade the Photo Gallery by 10Web plugin to the latest available version. If immediate upgrade isn't possible, restrict file permissions and consider WAF rules.
While active exploitation has not been confirmed, the likelihood of exploitation is considered high and public exploits are likely to emerge.
Check the 10Web website and WordPress plugin repository for the official advisory and update information.