CVE-2015-1784

8.8 HIGH

📋 TL;DR

CVE-2015-1784 is an arbitrary file upload vulnerability in the NextGEN Gallery WordPress plugin that allows attackers to upload malicious files and execute arbitrary code. This affects WordPress sites using NextGEN Gallery versions before 2.0.77.3. Attackers can gain full administrative control over vulnerable WordPress installations.

💻 Affected Systems

Products:
  • NextGEN Gallery WordPress Plugin
Versions: All versions before 2.0.77.3
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with vulnerable NextGEN Gallery plugin versions installed and activated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the WordPress site, allowing attackers to install backdoors, deface websites, steal data, or use the server for further attacks.

🟠 Likely Case: Remote code execution leading to website defacement, malware distribution, or credential theft.

🟢 If Mitigated: No impact if proper file validation and access controls are implemented.

🌐 Internet-Facing: HIGH - WordPress plugins are typically internet-facing and this vulnerability requires no authentication.
🏢 Internal Only: MEDIUM - Internal WordPress installations could still be compromised if accessed by malicious insiders.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploits are publicly available and require minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.77.3 and later

Vendor Advisory: https://wordpress.org/plugins/nextgen-gallery/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find NextGEN Gallery and click 'Update Now'.
4. Alternatively, download version 2.0.77.3+ from WordPress.org and update manually.

🔧 Temporary Workarounds

Disable NextGEN Gallery Plugin

Platform: all

Temporarily disable the vulnerable plugin until patching is possible.

wp plugin deactivate nextgen-gallery

Restrict File Uploads

Platform: linux

Configure the web server so it refuses to serve (and therefore execute) script files from the NextGEN upload directory. This does not stop the upload itself, but it prevents an uploaded script from running.

# Add to .htaccess in the NextGEN upload directory (needs AllowOverride; nginx ignores .htaccess):
<FilesMatch "\.(php|php3|php4|php5|phtml|pl|py|jsp|asp|sh|cgi)$">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</FilesMatch>

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious file upload attempts
  • Restrict access to the WordPress admin interface and implement strong authentication controls

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins → Installed Plugins and read the NextGEN Gallery version. If the version is below 2.0.77.3, the system is vulnerable.

Check Version:

wp plugin get nextgen-gallery --field=version

Verify Fix Applied:

Verify NextGEN Gallery version is 2.0.77.3 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Multiple file upload attempts to NextGEN Gallery endpoints
  • Uploads of files with .php, .phtml, or other executable extensions
  • Unauthorized administrative actions following uploads

Network Indicators:

  • POST requests to /wp-content/plugins/nextgen-gallery/upload.php with suspicious file types
  • Unusual outbound connections from WordPress server

SIEM Query:

source="wordpress.log" AND ("nextgen-gallery/upload" OR "ngg_upload") AND ("php" OR "phtml" OR "executable")
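The log indicators listed above, applied to constructed sample access-log lines as an added example (not code from this page or from the plugin). The gallery storage path /wp-content/gallery/ and the three-POST burst threshold are assumptions; the endpoint substrings and extension list come from the SIEM query and .htaccess workaround above.

```python
import re
from collections import Counter

# Constructed sample Apache combined-format log lines (not captured traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2015:12:00:03 +0000] "POST /wp-content/plugins/nextgen-gallery/upload.php HTTP/1.1" 200 97 "-" "python-requests/2.5"
203.0.113.7 - - [10/Mar/2015:12:00:04 +0000] "POST /wp-content/plugins/nextgen-gallery/upload.php HTTP/1.1" 200 97 "-" "python-requests/2.5"
203.0.113.7 - - [10/Mar/2015:12:00:05 +0000] "POST /wp-content/plugins/nextgen-gallery/upload.php HTTP/1.1" 200 97 "-" "python-requests/2.5"
203.0.113.7 - - [10/Mar/2015:12:00:09 +0000] "GET /wp-content/gallery/album1/upload_1.php?v=2 HTTP/1.1" 200 44 "-" "python-requests/2.5"
198.51.100.22 - - [10/Mar/2015:12:01:00 +0000] "GET /wp-content/gallery/album1/photo.jpg HTTP/1.1" 200 84211 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Mar/2015:12:01:02 +0000] "POST /wp-content/plugins/nextgen-gallery/upload.php HTTP/1.1" 200 97 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Endpoint substrings taken from the page's SIEM query.
UPLOAD_ENDPOINTS = ("nextgen-gallery/upload", "ngg_upload")
# Assumed default NextGEN storage path; adjust to the site's configured gallery path.
GALLERY_DIR = "/wp-content/gallery/"
# Same extension list as the .htaccess workaround, matched before any query string.
SCRIPT_EXT_RE = re.compile(r"\.(?:php[345]?|phtml|pl|py|jsp|asp|sh|cgi)(?:$|\?)", re.I)

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_indicators(log_text, post_threshold=3):
    """Return (bursts, script_hits): source IPs with >= post_threshold POSTs to the
    upload endpoint, and successful requests for script files under the gallery path."""
    posts = Counter()
    script_hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].lower()
        if rec["method"] == "POST" and any(e in path for e in UPLOAD_ENDPOINTS):
            posts[rec["ip"]] += 1
        if path.startswith(GALLERY_DIR) and SCRIPT_EXT_RE.search(path) and rec["status"] == "200":
            script_hits.append((rec["ip"], rec["path"], rec["ts"]))
    bursts = {ip: n for ip, n in posts.items() if n >= post_threshold}
    return bursts, script_hits

if __name__ == "__main__":
    print(find_indicators(SAMPLE_LOG))
```

A served script under the gallery path is the stronger signal; the POST burst alone also fires on a legitimate bulk upload, so tune the threshold to the site's normal usage.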

🔗 References
