Exploit Overview
The Wordfence Threat Intelligence team have announced the discovery of severe vulnerabilities in NextGen Gallery, a gallery plugin used by over 800,000 WordPress sites.
If your site(s) use this plugin, ensure you immediately update to the latest version (currently 3.5.0).
If you would like to delve into the detail, visit the Wordfence post.
Timeline
December 14, 2020 – The Wordfence Threat Intelligence team finishes researching vulnerabilities in NextGen Gallery. We deploy firewall rules and reach out to Imagely.
December 15, 2020 – Imagely replies and we provide full disclosure.
December 16, 2020 – Imagely sends us a patched version of the plugin to review.
December 17, 2020 – A patched version of NextGen Gallery is made available to the public.
January 13, 2021 – Sites running the free version of Wordfence receive firewall rules.
NextGen Gallery is a very popular gallery plugin, with approximately 800K installations.
It has been considered the industry-standard WordPress gallery plugin since 2007.

An online marketer with deep experience in sales and marketing, as well as technical skills accumulated over many years of working in this industry. He has been knee-deep in websites and online marketing since the mid-80s.
Peter is a lateral thinker who sees solutions where many don’t.