
Cloud Vulnerability DB
A community-led vulnerabilities database
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress (CVE-2024-0221) contains a Directory Traversal vulnerability affecting all versions up to and including 1.8.19. The vulnerability was discovered by security researcher Bence Szalai and publicly disclosed on January 19, 2024. This popular plugin, with over 200,000 active installations, is designed for creating mobile-friendly galleries in WordPress (Security Online).
The vulnerability exists in the rename_item function, which does not sufficiently restrict the supplied path and therefore allows authenticated attackers to rename arbitrary files on the server through directory traversal. The severity of this vulnerability is rated as Critical with a CVSS score of 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The flaw is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NVD).
The vulnerability can lead to a complete site takeover if exploited successfully, particularly if attackers manage to rename critical files such as wp-config.php. By default the vulnerability can only be exploited by administrators; in the premium version of the plugin, however, administrators can grant gallery management permissions to lower-level users, which potentially makes the vulnerability exploitable by users with contributor-level access (NVD).
The vulnerability has been patched in version 1.8.20 of the Photo Gallery plugin. Site owners and administrators are strongly advised to update to this latest version immediately to protect their installations (Security Online).
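As an added illustration of the mitigation for this class of flaw (this is example code, not the plugin's own rename_item or its 1.8.20 fix), the following hypothetical helper confines a rename to one gallery directory and rejects any name carrying a traversal component; the directory path and function name are assumptions.

```php
<?php
// Added example, not code from the Photo Gallery plugin. Confines a rename
// to $base_dir so that neither the source nor the destination name can
// escape it via "../" sequences or symlinks (the CWE-22 pattern above).

function safe_gallery_rename(string $base_dir, string $old_name, string $new_name): bool
{
    $base = realpath($base_dir);
    if ($base === false) {
        return false; // gallery directory must already exist
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // Accept only a bare file name: no separators, no "." or "..".
    // basename() alone is not a defence, it silently strips "../" prefixes.
    foreach ([$old_name, $new_name] as $name) {
        if ($name === '' || $name !== basename($name) || $name === '.' || $name === '..') {
            return false;
        }
    }

    // Resolve the source and re-check it still lies under $base, which
    // catches a symlink inside the gallery that points elsewhere.
    $src = realpath($base . $old_name);
    if ($src === false || strpos($src, $base) !== 0) {
        return false;
    }

    // Destination's parent is $base by construction; refuse to overwrite.
    $dst = $base . $new_name;
    if (file_exists($dst)) {
        return false;
    }
    return rename($src, $dst);
}

// Constructed demonstration values (hypothetical uploads path):
$gallery = '/var/www/html/wp-content/uploads/photo-gallery';
// A traversal attempt such as '../../../wp-config.php' is rejected before
// the filesystem is touched; a plain name is passed through to rename().
var_dump(safe_gallery_rename($gallery, '../../../wp-config.php', 'x.php')); // bool(false)
var_dump(safe_gallery_rename($gallery, 'photo1.jpg', 'renamed.jpg'));       // true only if photo1.jpg exists
```

The same prefix check should be applied to every other file operation the gallery exposes (delete, copy, move), not only rename.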
Source: This report was generated using AI