Over 200,000 Sites at Risk: Directory Traversal CVE-2024-0221 Vulnerability Hits Photo Gallery Plugin
A critical directory traversal vulnerability has been found in a popular WordPress plugin. The affected plugin, Photo Gallery by 10Web – Mobile-Friendly Image Gallery, has over 200,000 active installations.
Photo Gallery is the leading plugin for building beautiful mobile-friendly galleries in a few minutes. It’s simple to use yet packed with powerful functionality, allowing you to create anything from simple to complex photo galleries.
Tracked as CVE-2024-0221 and rated critical with a severity score of 9.1, the directory traversal vulnerability affects the Photo Gallery plugin in versions up to 1.8.19. The flaw is exploitable through the `rename_item` function and allows authenticated attackers to rename arbitrary files on the server.
The consequences extend to the complete takeover of a website. The site's core configuration file, `wp-config.php`, is among the files at risk, and renaming it could compromise the entire site. Initially, this seemed a threat that only administrators could exploit. However, “in the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors.”
Security researcher Bence Szalai identified and reported this critical flaw. In response to this discovery, the developers behind Photo Gallery acted by patching CVE-2024-0221 with the release of version 1.8.20.
Site owners, administrators, and developers are advised to update to the latest version of Photo Gallery as soon as possible. There is no mention of this flaw being exploited in attacks, but unpatched vulnerabilities in WordPress plugins are often leveraged by hackers.
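For developers maintaining similar file-management handlers, the following added PHP example shows the kind of containment check that stops a rename operation from reaching files such as `wp-config.php`. It is not the plugin's code or its actual patch; the function name `safe_rename_item`, the directory layout and the file names are hypothetical and constructed for the demonstration.

```php
<?php
// Added illustration, not the plugin's code. All names here are hypothetical.

/**
 * Rename a file that lives under $baseDir. Both the resolved source and the
 * new name are validated so the operation cannot leave $baseDir.
 */
function safe_rename_item(string $baseDir, string $relSource, string $newName): bool
{
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // realpath() collapses ".." and follows symlinks; the result must still
    // begin with the canonical base directory.
    $source = realpath($base . $relSource);
    if ($source === false || strncmp($source, $base, strlen($base)) !== 0) {
        return false;
    }

    // The new name must be a single path component.
    if ($newName === '' || $newName === '.' || $newName === '..'
        || strpbrk($newName, "/\\") !== false) {
        return false;
    }

    $target = dirname($source) . DIRECTORY_SEPARATOR . $newName;
    if (file_exists($target)) {
        return false; // never overwrite an existing file
    }
    return rename($source, $target);
}

// Constructed demo tree in a temporary directory.
$root = sys_get_temp_dir() . '/gallery_demo_' . bin2hex(random_bytes(4));
mkdir("$root/uploads/album", 0700, true);
file_put_contents("$root/wp-config.php", "<?php // constructed stand-in\n");
file_put_contents("$root/uploads/album/a.jpg", "x");

// Legitimate rename inside the gallery directory.
var_dump(safe_rename_item("$root/uploads", "album/a.jpg", "b.jpg"));
// Source path that climbs out of the gallery directory.
var_dump(safe_rename_item("$root/uploads", "../wp-config.php", "x.bak"));
// New name that carries path separators.
var_dump(safe_rename_item("$root/uploads", "album/b.jpg", "../../x.jpg"));
// The stand-in configuration file is still where it was created.
var_dump(file_exists("$root/wp-config.php"));
```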