PT-2024-15395 · 10Web · The Photo Gallery

Bence Szalai · Published 2024-01-24 · Updated 2024-02-13 · CVE-2024-0221

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress, versions up to and including 1.8.19.

Description

The issue allows authenticated attackers to rename arbitrary files on the server via the rename item function, potentially leading to site takeover if the wp-config.php file can be renamed. By default, only administrators can exploit this; in the premium version, however, administrators can grant gallery management permissions to lower-level users, making it exploitable by users as low as contributors. Over 200,000 sites are at risk.

Recommendations

For versions up to and including 1.8.19, update to a version higher than 1.8.19 to resolve the issue. As a temporary workaround, consider restricting access to the rename item function until a patch is available, and restrict gallery management permissions to minimize the risk of exploitation.

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2024-0221

Affected Products

The Photo Gallery