NextGen Gallery is a popular WordPress plugin designed to create highly responsive image galleries. It has been installed in over 800,000 WordPress websites. Two Cross-Site Request Forgery (CSRF) vulnerabilities were later determined in the plugin by the Wordfence Threat Intelligence research team on December 14, 2020. The vulnerabilities included a critical severity vulnerability that could lead to Remote Code Execution(RCE) and Stored Cross-Site Scripting(XSS). These flaws made the integrated websites vulnerable to malicious attackers. The exploitation of such attacks could lead to site takeover, malicious redirects, spam injection, and phishing. The plugin’s publisher, Imagely, then released firewall rules to the patched version of NextGen Gallery to Wordfence Premium users first and later to sites running the free version.
Security Patches for Critical Vulnerabilities in NextGen Gallery Plugin
Related Platforms
Our Locations
Recent Case Studies
-
June 09, 2022Custom BigCommerce Middleware Development for an Australian BNPL Company
Summary – BigCommerce Middleware Customization Virtina recently triumphantly executed a project for a client based in Australia and New Zealand. The ...
Read More -
June 04, 2021
Split-order, Split-shipment, and State-wise Sales Tax Issues Resolved for a WooCommerce Company
Summary Virtina won a prestigious project from a rental theme kit delivery company in Colorado, United States. The company creates playful experiences ...
Read More -
January 08, 2021Building a WooCommerce Store for the World’s Largest Government-run Retail Chain
Summary A governmental organization approached Virtina to build a website that enabled the organization members to buy products like automobiles and h ...
Read More -
September 07, 2020Custom Volusion Middleware Development for a Banking Software Company in Virginia
SummaryTreasury Software is a company that develops banking software and is a Microsoft Gold Certified Partner. The company develops banking software ...
Read More
