NextGen Gallery is a popular WordPress plugin designed to create highly responsive image galleries. It has been installed on over 800,000 WordPress websites. The Wordfence Threat Intelligence research team identified two Cross-Site Request Forgery (CSRF) vulnerabilities in the plugin on December 14, 2020. They included a critical-severity vulnerability that could lead to Remote Code Execution (RCE) and Stored Cross-Site Scripting (XSS). These flaws left websites running the plugin exposed to attackers. Successful exploitation could lead to site takeover, malicious redirects, spam injection, and phishing. The plugin’s publisher, Imagely, then released firewall rules to the patched version of NextGen Gallery to Wordfence Premium users first and later to sites running the free version.
Security Patches for Critical Vulnerabilities in NextGen Gallery Plugin
March 5, 2022 | Updated: August 12, 2022