The Wordfence Threat Intelligence team have announced the discovery of severe vulnerabilities in NextGen Gallery, a gallery plugin used by over 800,000 WordPress sites.
If your site(s) use this plugin, ensure you update immediately to the latest version (currently 3.5.0).
If you would like to delve into the detail, visit the Wordfence post.
December 14, 2020 – The Wordfence Threat Intelligence team finishes researching vulnerabilities in NextGen Gallery. We deploy firewall rules and reach out to Imagely.
December 15, 2020 – Imagely replies and we provide full disclosure.
December 16, 2020 – Imagely sends us a patched version of the plugin to review.
December 17, 2020 – A patched version of NextGen Gallery is made available to the public.
January 13, 2021 – Sites running the free version of Wordfence receive firewall rules.