CVE-2015-1785: 
WordPress vulnerability analysis and mitigation

CVE-2015-1785 affects the NextGEN Gallery WordPress plugin versions before 2.0.77.3. This vulnerability, discovered on March 9th, 2015, and patched on March 12th, 2015, is one of two critical security issues found in the plugin. The NextGEN Gallery plugin, being the sixth most popular WordPress plugin with over 12 million users, was exposed to potential unauthorized access through Cross-Site Request Forgery (CSRF) attacks (Nettitude Blog).

The vulnerability stems from the lack of security measures preventing unwanted HTTP requests in the file upload functionality. The plugin failed to implement unique tokens or nonces to protect against CSRF attacks in the file upload page. This security gap, combined with unsafe file upload validation, allowed attackers to bypass both client-side and server-side validation mechanisms. The CVSS v3.1 score for this vulnerability is 6.5 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N (NVD).

The vulnerability's impact was significant due to the plugin's large user base. Of the 12 million installations, approximately 2.4 million (20%) allowed lower-level users (editors and subscribers) to perform image uploads, while about 100,000 users had extensions enabling public file uploading. This meant that all 12 million installations were vulnerable to CSRF attacks with potential webshell execution, 2.4 million were vulnerable to webshell through unsafe file upload, and 100,000 were vulnerable to unauthenticated unsafe file upload (Nettitude Blog).

The vulnerability was patched in version 2.0.77.3 of the NextGEN Gallery plugin. Users were advised to update to this version or later to protect against these security issues (WPScan).