Do you have a WordPress website? Are you using the NextGEN Gallery plugin on your site? Security news site Threatpost has reported that researchers have discovered two cross-site request forgery (CSRF) flaws in the plugin. Users are urged to update the plugin to reduce the chance of their site being taken over.

Here’s a quick summary of article ‘Critical WordPress Plugin Flaw Allows Site Takeover’ posted by Threatpost earlier this week:

  • A cross-site request forgery (CSRF) flaw is a type of website vulnerability – READ: Website Vulnerability – How To Spot A Threat
  • Attackers can exploit a CSRF flaw to make a logged-in user’s browser send requests that user never intended, for example to change a site’s settings or to gain unauthorized access to the site.
  • CSRF attacks are delivered as links or web pages: the attacker sends a malicious link to a site administrator (by email, chat, a comment, or another channel) and, if the administrator opens it while logged in, their browser submits the forged request with the administrator’s own session cookies.
  • Both flaws, tracked as CVE-2020-35942 and CVE-2020-35943, stem from the plugin’s security function that is meant to protect various settings.
  • NextGEN Gallery version 3.5.0, released by the developer Imagely, includes the patches; sites running an older version should update.
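To make the CSRF point concrete, here is an added example (not code from NextGEN Gallery, Imagely or Threatpost) of a minimal WordPress settings handler in a CSRF-vulnerable form next to its hardened form. The option key ‘demo_gallery_path’, the admin-post action ‘demo_save_gallery_settings’ and the nonce action and field names are placeholders chosen for this illustration, not names from the plugin.

```php
<?php
/**
 * Added example: a settings handler that is vulnerable to CSRF, and the
 * same handler hardened with a capability check and a WordPress nonce.
 * Option key, action name and nonce names are placeholders for this demo.
 */

// --- Vulnerable handler --------------------------------------------------
// Reached via POST /wp-admin/admin-post.php?action=demo_save_gallery_settings.
// It trusts the request just because the caller is logged in. A page under
// the attacker's control can auto-submit the same form from an
// administrator's browser, which attaches the admin's cookies, so the
// setting changes without the admin ever seeing the form.
function demo_save_gallery_settings_vulnerable() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Not logged in.' );
    }
    // No nonce check: the origin of the request is never verified.
    // No capability check: any logged-in role can change the setting.
    $path = isset( $_POST['gallery_path'] ) ? (string) $_POST['gallery_path'] : '';
    update_option( 'demo_gallery_path', $path );
    wp_safe_redirect( admin_url( 'options-general.php?page=demo-gallery' ) );
    exit;
}

// --- Hardened handler ----------------------------------------------------
function demo_save_gallery_settings_hardened() {
    // 1. Capability check: only users allowed to manage options may proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change these settings.', '', array( 'response' => 403 ) );
    }
    // 2. CSRF check: the request must carry a nonce minted for this action
    //    and this user. check_admin_referer() calls wp_die() on failure.
    check_admin_referer( 'demo_gallery_settings', 'demo_gallery_nonce' );

    // 3. Validate the input before storing it.
    $path = isset( $_POST['gallery_path'] )
        ? sanitize_text_field( wp_unslash( $_POST['gallery_path'] ) )
        : '';
    if ( '' === $path || false !== strpos( $path, '..' ) ) {
        wp_die( 'Invalid gallery path.', '', array( 'response' => 400 ) );
    }
    update_option( 'demo_gallery_path', $path );
    wp_safe_redirect( admin_url( 'options-general.php?page=demo-gallery' ) );
    exit;
}

// Register only the hardened handler for logged-in POSTs to admin-post.php.
add_action( 'admin_post_demo_save_gallery_settings', 'demo_save_gallery_settings_hardened' );

// The legitimate settings form. wp_nonce_field() embeds the hidden nonce
// (and a referer field) that the hardened handler requires; a page on the
// attacker's domain cannot read this value, so its forged POST is rejected.
function demo_render_gallery_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save_gallery_settings">
        <?php wp_nonce_field( 'demo_gallery_settings', 'demo_gallery_nonce' ); ?>
        <label>Gallery path
            <input type="text" name="gallery_path"
                   value="<?php echo esc_attr( get_option( 'demo_gallery_path', '' ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

The nonce is the part that defeats CSRF: it is tied to the action and the current user, it is only present in the form WordPress itself renders, and the browser will not leak it to a third-party page. The capability check is a separate control; without it, a nonce only proves that the request came from a legitimate form, not that the user was entitled to submit it.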

If you’re using the plugin, update it to version 3.5.0 or later and encourage others to do so too.


How do you deactivate the WordPress Gallery Plugin – NextGEN Gallery?

  1. Log in to the backend (the wp-admin dashboard) of your WordPress website.
  2. Select ‘Installed Plugins’ under ‘Plugins’ in the left menu.
  3. Find the plugin that reads ‘WordPress Gallery Plugin – NextGEN Gallery’ and select ‘Deactivate’.
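If you manage several sites, the same check and deactivation can be done in code. The following is an added example (not code from Imagely, NextGEN Gallery or Threatpost): a must-use plugin that deactivates NextGEN Gallery while the installed version is older than the patched 3.5.0 release, so the vulnerable code is unreachable until the update is applied. It assumes the plugin’s basename is ‘nextgen-gallery/nggallery.php’ (the directory and main file of the wordpress.org distribution); adjust that constant if your installation differs.

```php
<?php
/**
 * Added example: emergency must-use plugin that deactivates NextGEN Gallery
 * until it has been updated to 3.5.0 or later.
 *
 * Save as wp-content/mu-plugins/deactivate-vulnerable-nextgen.php
 * (files in mu-plugins load automatically and cannot be deactivated from
 * the dashboard, so an attacker cannot simply switch this check off).
 */

// Assumed plugin basename; change it if your copy lives elsewhere.
define( 'DVN_PLUGIN_BASENAME', 'nextgen-gallery/nggallery.php' );
// First fixed release per the advisory.
define( 'DVN_FIXED_VERSION', '3.5.0' );

/**
 * True when $installed is older than $fixed. version_compare() does a
 * numeric, segment-wise comparison, so '3.4.10' is correctly treated as
 * older than '3.5.0' (a plain string compare would get this wrong).
 */
function dvn_is_vulnerable_version( $installed, $fixed = DVN_FIXED_VERSION ) {
    return version_compare( $installed, $fixed, '<' );
}

function dvn_check_nextgen_version() {
    // get_plugin_data(), is_plugin_active() and deactivate_plugins() live in
    // the admin plugin helpers, which are not loaded on every request.
    require_once ABSPATH . 'wp-admin/includes/plugin.php';

    $plugin_file = WP_PLUGIN_DIR . '/' . DVN_PLUGIN_BASENAME;
    if ( ! file_exists( $plugin_file ) || ! is_plugin_active( DVN_PLUGIN_BASENAME ) ) {
        return; // not installed, or already deactivated: nothing to do
    }

    // Reads the "Version:" header from the plugin's main file.
    $data      = get_plugin_data( $plugin_file, false, false );
    $installed = isset( $data['Version'] ) ? $data['Version'] : '0';

    if ( ! dvn_is_vulnerable_version( $installed ) ) {
        return; // 3.5.0 or later: leave the plugin alone
    }

    deactivate_plugins( DVN_PLUGIN_BASENAME );
    error_log( sprintf(
        'NextGEN Gallery %s deactivated: update to %s or later before reactivating',
        $installed,
        DVN_FIXED_VERSION
    ) );

    // Tell the administrator why the plugin disappeared from the site.
    add_action( 'admin_notices', function () use ( $installed ) {
        printf(
            '<div class="notice notice-error"><p>NextGEN Gallery %s was deactivated because it is older than %s (CVE-2020-35942 / CVE-2020-35943). Update the plugin, then reactivate it.</p></div>',
            esc_html( $installed ),
            esc_html( DVN_FIXED_VERSION )
        );
    } );
}
add_action( 'admin_init', 'dvn_check_nextgen_version' );
```

The check runs on every admin page load, so a plugin that is reactivated without being updated is switched off again on the next request; once the site is on 3.5.0 or later the file does nothing and can be deleted.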


Sources:

https://threatpost.com/critical-wordpress-plugin-flaw-site-takeover/163734/