CVE-2025-12966

WordPress · WordPress All-in-One Video Gallery Plugin

A high-severity vulnerability has been identified in the All-in-One Video Gallery plugin for WordPress.

Executive summary

A high-severity vulnerability has been identified in the All-in-One Video Gallery plugin for WordPress. This flaw allows an attacker to upload malicious files directly to the server, which can lead to a complete compromise of the affected website, data theft, and further network intrusion. Immediate patching is required to mitigate the significant risk of website takeover.

Vulnerability

The vulnerability exists within the resolve_import_directory() function of the plugin, which is responsible for handling file uploads. The function lacks proper validation to check the type of file being uploaded, a vulnerability known as Unrestricted File Upload. An attacker can exploit this by crafting a request to upload a malicious script (e.g., a PHP web shell) disguised as a legitimate file. Once the malicious file is on the server, the attacker can execute it, gaining the ability to run arbitrary code with the permissions of the web server process, leading to a full system compromise.

Business impact

This vulnerability is rated as High severity with a CVSS score of 8.8, posing a significant threat to the organization. Successful exploitation could lead to a complete takeover of the web server, resulting in website defacement, theft of sensitive data such as customer information or intellectual property, and installation of malware. The compromised server could also be used as a pivot point for further attacks against the internal network or leveraged in broader campaigns like phishing or Distributed Denial-of-Service (DDoS) attacks, causing severe reputational damage and potential financial loss.

Remediation

Immediate Action: Immediately update the "All-in-One Video Gallery" plugin to the latest patched version provided by the vendor. After updating, verify that the patch has been successfully applied. If the plugin is not critical to business operations, a secondary recommendation is to deactivate and completely remove it to eliminate this attack vector.

Proactive Monitoring: Monitor web server access logs for any unusual or unexpected file uploads, particularly files with executable extensions like .php, .phtml, or .phar in media or upload directories. Implement File Integrity Monitoring (FIM) to detect unauthorized changes to core WordPress files, themes, or plugins. Scrutinize outbound network traffic from web servers for connections to suspicious IP addresses.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules designed to block the upload of executable file types. Additionally, configure web server permissions to prevent script execution in directories where file uploads are stored.
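As an added example (not part of the advisory or the plugin's own code), the log check described under Proactive Monitoring applied to constructed Apache combined-format access-log lines: it flags requests for PHP-executable file names under wp-content/uploads, including double-extension names such as poster.jpg.phtml, and tallies the hits per source address. The log lines, addresses and paths are constructed for illustration; the upload prefix and extension list are assumptions to adjust for your site.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2025:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Nov/2025:10:01:09 +0000] "GET /wp-content/uploads/2025/11/cmd.php HTTP/1.1" 200 88 "-" "curl/8.4"
198.51.100.7 - - [10/Nov/2025:10:02:11 +0000] "GET /wp-content/uploads/2025/11/clip.mp4 HTTP/1.1" 206 10240 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Nov/2025:10:03:40 +0000] "GET /wp-content/uploads/2025/11/poster.jpg.phtml HTTP/1.1" 200 64 "-" "curl/8.4"
192.0.2.9 - - [10/Nov/2025:10:04:00 +0000] "GET /wp-content/plugins/example/assets/app.js HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Fields of a combined-format line that the check needs: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
EXEC_EXTS = {"php", "phtml", "phar", "php5", "php7", "phps"}   # assumed list; extend for your stack
UPLOAD_PREFIXES = ("/wp-content/uploads/",)                     # assumed upload location

def has_executable_extension(path: str) -> bool:
    """True if any dot-separated suffix of the file name is a PHP-executable extension.
    Checking every suffix, not just the last, catches double-extension names."""
    name = path.split("?", 1)[0].rsplit("/", 1)[-1].lower()
    return any(part in EXEC_EXTS for part in name.split(".")[1:])

def find_upload_dir_executables(log_text: str) -> list:
    """Return the parsed requests that reference an executable name under an upload directory."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue                       # malformed or non-combined line: skip, do not crash
        rec = m.groupdict()
        if rec["path"].startswith(UPLOAD_PREFIXES) and has_executable_extension(rec["path"]):
            findings.append(rec)
    return findings

def hits_per_source(findings: list) -> Counter:
    """Group hits by client IP; repeated hits from one address deserve a closer look."""
    return Counter(f["ip"] for f in findings)

if __name__ == "__main__":
    hits = find_upload_dir_executables(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} -> HTTP {h["status"]}')
    print(dict(hits_per_source(hits)))
```

A 200 response for such a path means the server served or executed the file, so those hits should be followed up with the FIM and permission checks above rather than treated as log noise.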

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score of 8.8 and the risk of complete server compromise, this vulnerability requires immediate attention. Although not currently listed on the CISA KEV list, its severity warrants an emergency patching cycle. We strongly recommend that all instances of the "All-in-One Video Gallery" plugin are updated to the latest version across all company-managed WordPress sites without delay to prevent potential exploitation.