CVE-2021-24139

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands on WordPress sites that run the Photo Gallery plugin. It affects all WordPress installations with the 10Web Photo Gallery plugin in versions before 1.5.55. The flaw is exploitable without authentication through the plugin's frontend interface.

💻 Affected Systems

Products:
  • WordPress 10Web Photo Gallery Plugin
Versions: All versions before 1.5.55
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all WordPress installations with vulnerable plugin versions regardless of configuration

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, privilege escalation, and full site takeover

🟠 Likely Case

Data extraction from the WordPress database, including user credentials, sensitive content, and configuration data

🟢 If Mitigated

Limited impact with proper input validation and restricted database permissions in place

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via bwg_search_x parameter requires minimal technical skill to exploit

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.55

Vendor Advisory: https://wordpress.org/plugins/photo-gallery/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel
2. Navigate to Plugins > Installed Plugins
3. Find 'Photo Gallery by 10Web'
4. Click 'Update Now' if available
5. Alternatively, download version 1.5.55 or later from the WordPress plugin repository
6. Deactivate and delete the old version, then install the new version

🔧 Temporary Workarounds

Input Validation Web Application Firewall Rule

Platform: all

Block requests containing SQL injection patterns in bwg_search_x parameter

WAF rule: Block if ARGS:bwg_search_x contains SQL keywords like UNION, SELECT, INSERT, DELETE, DROP

Plugin Deactivation

Platform: linux

Temporarily disable the vulnerable plugin until patched

wp plugin deactivate photo-gallery

🧯 If You Can't Patch

  • Implement strict input validation for all user-supplied parameters
  • Restrict database user permissions to minimum required privileges

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins

Check Version:

wp plugin get photo-gallery --field=version

Verify Fix Applied:

Confirm plugin version is 1.5.55 or higher after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple requests with bwg_search_x parameter containing SQL syntax

Network Indicators:

  • HTTP POST requests to */wp-content/plugins/photo-gallery/frontend/models/model.php with suspicious bwg_search_x values

SIEM Query:

source="web_logs" AND uri="*model.php" AND query="*bwg_search_x*" AND (query="*UNION*" OR query="*SELECT*" OR query="*INSERT*")
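The WAF rule under Temporary Workarounds and the SIEM query above both match the same pattern: a request to model.php whose bwg_search_x parameter carries a SQL keyword. The Python below is an added example, not part of this advisory or of the 10Web plugin, showing that detection logic run over a few constructed access-log lines. It assumes the parameter name may carry a varying suffix and therefore matches any name starting with bwg_search_ (the page gives only bwg_search_x); the log format, sample IPs and sample values are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Keywords taken from the advisory's WAF rule and SIEM query. Matched as whole
# words, case-insensitively, after URL decoding so %20UNION%20 is not missed.
SQL_KEYWORDS = ("UNION", "SELECT", "INSERT", "DELETE", "DROP")
KEYWORD_RE = re.compile(r"\b(" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Endpoint named in the advisory's network indicators.
TARGET_PATH = "/wp-content/plugins/photo-gallery/frontend/models/model.php"

# Minimal parser for Apache/nginx "combined" access-log lines (constructed for
# this example; adjust for your own log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def suspicious_params(params):
    """Return names of bwg_search_* parameters whose value contains a SQL keyword.

    Assumption: the vulnerable parameter name may end in an index rather than a
    literal 'x', so any 'bwg_search_' prefix is inspected.
    """
    hits = []
    for name, values in params.items():
        if not name.startswith("bwg_search_"):
            continue
        if any(KEYWORD_RE.search(v) for v in values):
            hits.append(name)
    return hits


def check_request(method, target, body=None):
    """Classify one request; returns an alert dict or None.

    `body` is the decoded form body for POST requests. Plain access logs do not
    record bodies, so POST detection needs a WAF/audit log or request-body
    logging; without it, only query-string parameters can be judged.
    """
    parts = urlsplit(target)
    if not parts.path.endswith(TARGET_PATH):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if body:
        for k, v in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(k, []).extend(v)
    hits = suspicious_params(params)
    if hits:
        return {"method": method, "path": parts.path, "params": hits}
    return None


def scan_log(lines):
    """Run check_request over access-log lines; returns the list of alerts."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        alert = check_request(m["method"], m["target"])
        if alert:
            alert.update(ip=m["ip"], ts=m["ts"])
            alerts.append(alert)
    return alerts


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    # benign gallery search: not flagged
    '203.0.113.5 - - [10/Mar/2021:12:00:01 +0000] "GET /wp-content/plugins/photo-gallery/frontend/models/model.php?bwg_search_0=sunset HTTP/1.1" 200 512',
    # keyword in an unrelated parameter on another path: not flagged
    '203.0.113.5 - - [10/Mar/2021:12:00:02 +0000] "GET /blog/?s=select+your+favourite HTTP/1.1" 200 2048',
    # URL-encoded SQL keywords in bwg_search_0 against the named endpoint: flagged
    '198.51.100.7 - - [10/Mar/2021:12:00:03 +0000] "GET /wp-content/plugins/photo-gallery/frontend/models/model.php?bwg_search_0=a%27%20UNION%20SELECT%201 HTTP/1.1" 500 128',
    # POST to the endpoint: body is not in the access log, so this line alone cannot be judged
    '198.51.100.7 - - [10/Mar/2021:12:00:04 +0000] "POST /wp-content/plugins/photo-gallery/frontend/models/model.php HTTP/1.1" 200 256',
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(a)
```

Keyword matching of this kind is a triage signal, not proof of exploitation: a legitimate search for "select shots" would also trip it, so correlate hits with the 500 responses and repeated requests from one source that the Log Indicators section describes. The fourth sample line is the important caveat: the page's network indicator names POST requests, and the parameter in a POST body never appears in a standard access log, so the SIEM query as written only sees attempts that send the parameter in the query string.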
