A high-severity vulnerability has been identified in the NextGEN Gallery plugin for WordPress, a widely used tool for managing photo galleries. This flaw, known as Local File Inclusion, could allow an unauthenticated attacker to read sensitive files directly from the web server. Successful exploitation could lead to the theft of confidential data, such as database credentials, and potentially result in a complete compromise of the affected website.

The NextGEN Gallery plugin is vulnerable to Local File Inclusion (LFI). This vulnerability occurs because the application uses user-supplied input to construct a file path without proper validation or sanitization. An attacker can exploit this by crafting a malicious request containing directory traversal sequences (e.g., ../) to navigate the server's file system and include arbitrary files. This could allow the attacker to read the contents of sensitive files such as wp-config.php (which contains database credentials), /etc/passwd, or other application and system configuration files.

This vulnerability is rated as high severity with a CVSS score of 8.8. A successful exploit could have a significant negative impact on the business. The primary risk is the exposure of sensitive data, including database credentials, API keys, and internal system information, which could lead to further system compromise. This breach could result in financial loss, reputational damage, loss of customer trust, and potential regulatory penalties for non-compliance with data protection standards. Disruption of business operations is also possible if the attacker uses the gained access to deface the website or compromise the underlying server.

Immediate Action:

• Immediately update the "Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery" plugin to the latest version provided by the vendor, which contains a patch for this vulnerability.
• If the plugin is not essential for business operations, consider deactivating and removing it entirely to eliminate the associated attack surface.
• Review WordPress security settings to ensure they align with security best practices.

Proactive Monitoring:

• Monitor web server access logs for requests containing directory traversal patterns (../, ..\/) or attempts to access common sensitive files like wp-config.php or /etc/passwd.
• Implement File Integrity Monitoring (FIM) to detect unauthorized changes to core WordPress files, themes, and plugins.
• Monitor for unusual outbound network traffic from the web server, which could indicate data exfiltration.

Compensating Controls:

• If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block LFI and directory traversal attacks.
• Harden server file permissions to restrict the web server process from accessing files and directories outside of its intended scope.
• In PHP settings, configure the open_basedir directive to strictly limit the file system locations from which PHP can read files.

Public Exploit Available: false

Given the high CVSS score of 8.8 and the critical nature of a Local File Inclusion vulnerability, immediate action is required. We strongly recommend that all teams responsible for WordPress websites immediately identify any instances of the NextGEN Gallery plugin and apply the security update. Due to the high probability of future exploitation, this vulnerability should be treated with the highest priority. Organizations should also use this opportunity to conduct a full audit of all installed plugins, removing any that are outdated or no longer necessary to reduce the overall attack surface.