CVE-2021-24970

7.2 HIGH

📋 TL;DR

Versions of the All-in-One Video Gallery WordPress plugin before 2.5.0 pass the 'tab' request parameter of one of the plugin's admin dashboard pages into a PHP require statement without validating or sanitising it. An authenticated administrator can therefore include arbitrary local files (LFI): a file that contains no PHP code, such as /etc/passwd or a log file, is echoed into the response, and any file containing PHP that the attacker can get onto the server (for example through an upload) is executed, whatever its extension. WordPress sites running a vulnerable version of this plugin are affected.

💻 Affected Systems

Products:
  • All-in-One Video Gallery WordPress Plugin
Versions: All versions before 2.5.0
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an authenticated WordPress administrator, because the vulnerable page is part of the admin dashboard. Admin access could be obtained through credential theft, phishing, XSS against a logged-in administrator, or another vulnerability.

📦 What is this software?

All-in-One Video Gallery is a WordPress plugin for publishing video galleries and a video player on a site. Its configuration pages live in the WordPress admin dashboard, which is where the vulnerable 'tab' parameter is processed.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Code execution on the web server: an attacker who can place a file containing PHP on the host (a payload hidden inside an otherwise harmless upload such as an image is still executed by require) includes it through the 'tab' parameter, leading to complete server compromise, data theft, and website defacement.

🟠

Likely Case

Information disclosure of files readable by the PHP process, such as /etc/passwd, application logs, backups, or configuration files of other software on the host. Note that including wp-config.php with a plain require executes it rather than displaying it, so its database credentials are not exposed directly by the bare include.

🟢

If Mitigated

Limited impact if the PHP process runs as a dedicated low-privilege user, open_basedir confines it to the WordPress directory, and nothing outside that directory is readable by it. These measures do not prevent inclusion of files inside the WordPress tree itself.

🌐 Internet-Facing: HIGH - WordPress admin panels are typically internet-accessible, and the vulnerability requires admin access which attackers can obtain through other means.
🏢 Internal Only: MEDIUM - Internal attackers with admin access could exploit this, but external threat is more significant.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin-level access. Public proof-of-concept code exists demonstrating file inclusion.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.0 and later

Advisory (WPScan): https://wpscan.com/vulnerability/9b15d47e-43b6-49a8-b2c3-b99c92101e10

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find 'All-in-One Video Gallery'.
4. Click 'Update Now' if an update is offered.
5. Alternatively, download version 2.5.0 or later from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Remove vulnerable plugin

all

Temporarily disable or remove the plugin until patched

wp plugin deactivate all-in-one-video-gallery
wp plugin delete all-in-one-video-gallery

Restrict admin access

linux

Limit access to the WordPress admin panel to trusted IP addresses only. Note that wp-admin/admin-ajax.php is also used for unauthenticated front-end requests by many themes and plugins, so exempt it if the site depends on it.

# Apache 2.4+ (mod_authz_core): place in wp-admin/.htaccess
Require ip 192.168.1.0/24
<Files "admin-ajax.php">
    Require all granted
</Files>
# Apache 2.2 equivalent of the Require ip line:
# Order Deny,Allow
# Deny from all
# Allow from 192.168.1.0/24

# nginx: a prefix "location /wp-admin" is overridden by the usual
# "location ~ \.php$" handler, so match the PHP files explicitly and put
# this block above the generic PHP location (the first matching regex wins).
# To exempt admin-ajax.php, add an exact-match location (= /wp-admin/admin-ajax.php)
# with the PHP handler and no deny.
location ~ ^/wp-admin/.*\.php$ {
    allow 192.168.1.0/24;
    deny all;
    # ... followed by the same fastcgi_pass / include lines as the site's PHP location
}

🧯 If You Can't Patch

  • Standard WordPress permissions (644 for files, 755 for directories) do not stop this bug: the include runs as the PHP process, which must be able to read the site's own files. What does help is running PHP-FPM as a dedicated low-privilege user, keeping secrets outside the document root unreadable by that user, and setting open_basedir to the WordPress directory so traversal outside it fails.
  • Keep allow_url_include off (the PHP default) so the include cannot be pointed at a remote URL.
  • Use a web application firewall to block LFI patterns in the 'tab' parameter of wp-admin requests: ../ and its URL-encoded and double-encoded forms, php:// and other stream wrappers, and null bytes.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → All-in-One Video Gallery → Version. If version is below 2.5.0, you are vulnerable.

Check Version:

wp plugin get all-in-one-video-gallery --field=version

Verify Fix Applied:

Confirm plugin version is 2.5.0 or higher in WordPress admin panel.
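The same version check done programmatically, as an added example that is not from this page or the plugin vendor. It parses the Version: field of a WordPress plugin file header and compares it numerically against 2.5.0; comparing version strings lexically is a common mistake ('2.10.0' sorts before '2.5.0' as text). The header below is constructed; on a live site read wp-content/plugins/all-in-one-video-gallery/all-in-one-video-gallery.php (assumed to be the plugin's main file, following the standard layout).

```python
import re

PATCHED_VERSION = (2, 5, 0)

# Constructed sample of a WordPress plugin main-file header (not the real file).
SAMPLE_PLUGIN_HEADER = """\
<?php
/**
 * Plugin Name: All-in-One Video Gallery
 * Version:     2.4.6
 */
"""


def read_plugin_version(header_text: str):
    """Extract the Version: field from a WordPress plugin file header."""
    m = re.search(r"^[ \t/*#]*Version:[ \t]*([^\r\n]+)", header_text, re.M)
    return m.group(1).strip() if m else None


def version_tuple(version: str):
    """Turn '2.4.6' into (2, 4, 6), padded to three parts, so that comparison
    is numeric. Comparing as strings is wrong: '2.10.0' < '2.5.0' as text."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def is_vulnerable(version: str) -> bool:
    """True for any release below the patched version 2.5.0."""
    return version_tuple(version) < PATCHED_VERSION


if __name__ == "__main__":
    v = read_plugin_version(SAMPLE_PLUGIN_HEADER)
    print(f"installed {v}: {'VULNERABLE' if is_vulnerable(v) else 'patched'}")
```

Run it against the real header on each site you manage, or feed it the output of the wp-cli command above.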

📡 Detection & Monitoring

Log Indicators:

  • Requests to wp-admin/admin.php whose tab parameter contains a path traversal sequence (../), including URL-encoded (..%2f, %2e%2e%2f) and double-encoded (%252e%252e) forms, or a php:// stream wrapper
  • PHP error-log entries of the form "failed to open stream" or "Failed opening required" whose path contains a traversal sequence, which indicate failed probes
  • Unusual file access patterns in web server logs

Network Indicators:

  • HTTP requests to /wp-admin/admin.php?page=aiovg_videos&tab= with suspicious parameter values, especially from addresses not normally used by administrators or with non-browser user agents such as curl or python-requests

SIEM Query:

source="web_access.log" AND uri_path="/wp-admin/admin.php" AND (query="*tab=*..*" OR query="*tab=*%2e%2e*" OR query="*tab=*php://*" OR query="*tab=*php%3a%2f%2f*")

The pattern "*tab=*..*" also matches the single-encoded "..%2f" form; the %2e%2e and php%3a%2f%2f alternatives cover fully encoded values. If your platform decodes the query string at ingest, a single decoded pattern suffices.
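The SIEM query above only matches a handful of encodings; attackers routinely URL-encode or double-encode the traversal. As an added example, not part of this page or the plugin, the following Python scans access-log lines in Apache/nginx combined format, repeatedly percent-decodes the tab value and classifies it. The log lines are constructed for the example; the page slug aiovg_videos is copied from the indicators above, but the filter keys on admin.php plus the tab parameter regardless of slug.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access log (combined format); these are not real entries.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Nov/2021:10:01:02 +0000] "GET /wp-admin/admin.php?page=aiovg_videos&tab=general HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - admin [12/Nov/2021:10:02:17 +0000] "GET /wp-admin/admin.php?page=aiovg_videos&tab=../../../../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/7.79.1"
203.0.113.9 - admin [12/Nov/2021:10:02:30 +0000] "GET /wp-admin/admin.php?page=aiovg_videos&tab=..%2F..%2F..%2Fwp-config HTTP/1.1" 200 2048 "-" "curl/7.79.1"
203.0.113.9 - admin [12/Nov/2021:10:02:45 +0000] "GET /wp-admin/admin.php?page=aiovg_videos&tab=%252e%252e%252fwp-config HTTP/1.1" 200 2048 "-" "curl/7.79.1"
198.51.100.7 - admin [12/Nov/2021:10:03:00 +0000] "GET /wp-admin/admin.php?page=aiovg_videos&tab=php%3A%2F%2Ffilter%2Fconvert.base64-encode%2Fresource%3Dwp-config HTTP/1.1" 200 2048 "-" "python-requests/2.26.0"
10.0.0.5 - admin [12/Nov/2021:10:04:00 +0000] "GET /wp-admin/admin.php?page=aiovg_videos&tab=settings HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Nov/2021:10:05:00 +0000] "GET /wp-login.php?redirect_to=..%2F..%2Fx HTTP/1.1" 200 1000 "-" "Mozilla/5.0"
"""

# ip ident user [timestamp] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double encoding (%252e%252e) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_tab(tab: str):
    """Return why a tab value looks like an LFI attempt, or None if it looks benign."""
    t = fully_decode(tab).replace("\\", "/")
    if "\x00" in t:
        return "null-byte"
    if ".." in t:
        # Any '..' is enough: legitimate tab names never contain it, and this
        # also catches '....//' style evasion of filters that strip '../' once.
        return "traversal"
    if re.match(r"^[a-z][a-z0-9+.-]*://", t, re.I):
        return "stream-wrapper"  # php://filter, data://, expect:// probes
    if t.startswith("/"):
        return "absolute-path"
    return None


def scan_access_log(lines):
    """Return one hit per suspicious tab value seen in admin.php requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        # parse_qs performs one round of percent-decoding; fully_decode does the rest.
        for tab in parse_qs(url.query, keep_blank_values=True).get("tab", []):
            reason = classify_tab(tab)
            if reason:
                hits.append({"ip": m.group("ip"), "time": m.group("ts"),
                             "status": m.group("status"), "reason": reason,
                             "tab": fully_decode(tab)})
    return hits


if __name__ == "__main__":
    for h in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f'{h["time"]} {h["ip"]} {h["status"]} {h["reason"]}: {h["tab"]}')
```

A 200 response does not by itself mean the include succeeded; correlate hits with the PHP error log ("failed to open stream" entries show failed probes) and with the admin account that was logged in at the time, since every hit implies either a compromised administrator session or an insider.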
