Monday, March 9, 2026


10Web WordPress Photo Gallery Plugin Vulnerability

Introduction to the Vulnerability

A security advisory was published about a vulnerability in the Photo Gallery by 10Web plugin, which has over 200,000 installations. The vulnerability affects how the plugin handles image comments and exposes some sites to unauthorized data modification by unauthenticated attackers, meaning an attacker does not need an account on the site to exploit it.

What is the Photo Gallery by 10Web Plugin?

The Photo Gallery by 10Web plugin is used by WordPress sites to create and display image galleries, slideshows, and albums in a variety of layouts. It is commonly used by photography sites, portfolios, and businesses that rely on visual content. The plugin’s popularity makes the vulnerability a significant concern for site owners who use it.

About the Vulnerability

The flaw can be exploited by unauthenticated visitors, meaning anyone can trigger the issue without logging in. This significantly increases exposure because there is no barrier to entry, such as having to register with the website or obtain a higher permission level. Note that image comments, the feature in which the vulnerability exists, are only available in the Pro version of the plugin. Sites that do not use the comments feature are not affected by this specific issue.


What Went Wrong

The vulnerability is caused by a missing capability check in the plugin’s delete_comment() function. The plugin does not verify whether a request to delete an image comment comes from someone who is allowed to perform that action. WordPress plugins are expected to confirm that a user has the appropriate permissions before modifying site content; that check is missing from this plugin. Because the plugin never performs this authorization check, it accepts deletion requests even when they come from unauthenticated users.
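To make the bug class concrete, here is an added illustration (not the plugin's own code) of a hypothetical WordPress AJAX handler that deletes an image comment: first the pattern with the capability check missing, then the hardened version a maintainer would ship. The action names, table name and nonce name are invented placeholders.

```php
<?php
// Added illustration, not code from Photo Gallery by 10Web.
// All names below (actions, table, nonce) are hypothetical placeholders.

// VULNERABLE PATTERN: the handler is also registered for logged-out users
// (wp_ajax_nopriv_) and never asks whether the caller may delete comments,
// so any visitor who POSTs a comment id gets that comment deleted.
function example_delete_comment_unchecked() {
    global $wpdb;
    $comment_id = absint( $_POST['comment_id'] ?? 0 );
    $wpdb->delete( $wpdb->prefix . 'example_image_comments', array( 'id' => $comment_id ), array( '%d' ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_delete_comment',        'example_delete_comment_unchecked' );
add_action( 'wp_ajax_nopriv_example_delete_comment', 'example_delete_comment_unchecked' );

// HARDENED PATTERN: only reachable by authenticated users, requires a valid
// nonce (so another site cannot trigger it on a logged-in admin's behalf),
// and, most importantly, checks a capability before touching the database.
function example_delete_comment_checked() {
    global $wpdb;

    // Nonce check: rejects requests that did not originate from the plugin's own UI.
    check_ajax_referer( 'example_delete_comment_nonce', 'nonce' );

    // Capability check: the authorization step whose absence caused the advisory.
    if ( ! current_user_can( 'moderate_comments' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // Input validation: an id of 0 would match nothing but still signals a bad request.
    $comment_id = absint( $_POST['comment_id'] ?? 0 );
    if ( 0 === $comment_id ) {
        wp_send_json_error( array( 'message' => 'Invalid comment id' ), 400 );
    }

    $deleted = $wpdb->delete( $wpdb->prefix . 'example_image_comments', array( 'id' => $comment_id ), array( '%d' ) );
    if ( false === $deleted ) {
        wp_send_json_error( array( 'message' => 'Delete failed' ), 500 );
    }
    wp_send_json_success( array( 'deleted' => $deleted ) );
}
// Deliberately no wp_ajax_nopriv_ registration: unauthenticated requests
// are rejected by WordPress before the handler runs at all.
add_action( 'wp_ajax_example_delete_comment_safe', 'example_delete_comment_checked' );
```

The `moderate_comments` capability is used here as a reasonable stand-in; a real plugin would pick whichever capability matches its own permission model, and the nonce and capability checks address different risks, so both belong in the handler.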

Impact of the Vulnerability

An attacker can delete arbitrary image comments from a site. The vulnerability carries a severity rating of 5.3, which corresponds to a medium threat level. Although it does not enable a full website takeover or any other server compromise, it does allow unauthorized deletion of image comments. For sites that rely on image comments for engagement, moderation history, or user interaction, this can result in data loss and disruption.

Affected Versions

The vulnerability affects all versions of the plugin up to and including version 1.8.36. The issue is tied specifically to the comment deletion functionality. Since image comments are only available in the Pro version of the plugin, exploitation is limited to sites running that version with comments enabled. No special server configuration or user interaction is required beyond the plugin being active and vulnerable.

Solution and Prevention

A patch is available to fix the vulnerability. Site owners should update the Photo Gallery by 10Web plugin to version 1.8.37 or later, which includes a security fix addressing this issue. If updating is not possible, disabling the plugin or the comments feature will prevent exploitation until the site can be patched. Keeping the plugin up to date is the only direct fix for this vulnerability.

Conclusion

The vulnerability in the Photo Gallery by 10Web plugin poses a significant risk to site owners who use the plugin, especially those running the Pro version with comments enabled. By understanding the vulnerability, its cause, and its impact, site owners can take the necessary steps to protect their sites. Updating the plugin to the latest version is the direct fix for the unauthorized data modification and the only way to secure the image comments feature. Site owners should prioritize keeping their plugins up to date so that vulnerabilities like this one cannot be exploited.
