0409 507 920 [email protected]

Exploit Overview 

The Wordfence Threat Intelligence team have announced the discovery of severe vulnerabilities in NextGen Gallery, a gallery plugin used by over 800,000 WordPress sites.  

If your site(s) use this plugin ensure you immediately update to the latest version (currently 3.5.0) 

If you would like to delve into the detail visit the Wordfence post

Timeline

December 14, 2020 – The Wordfence Threat Intelligence team finishes researching vulnerabilities in NextGen Gallery. We deploy firewall rules and reach out to Imagely.
December 15, 2020 – Imagely replies and we provide full disclosure.
December 16, 2020 – Imagely sends us a patched version of the plugin to review.
December 17, 2020 – A patched version of NextGen Gallery is made available to the public.
January 13, 2021 – Sites running the free version of Wordfence receive firewall rules.

NextGen Gallery is a very popular gallery plugin, with approx 800K installations.

It is considered the industry standard WordPress gallery plugin since 2007.

Peter Cornish
Peter Cornish

An online marketer with deep experience in Sales & Marketing as well as technical skills accumulated over the many years of working in this industry. He has been knee-deep in websites and online marketing since the mid 80’s.
Peter is a lateral thinker who sees solutions where many don’t.

Website Concierge is a reincarnate of Succinct Ideas, providing quality website support and online marketing for small businesses.