CVE-2022-0826
📋 TL;DR
This vulnerability allows unauthenticated attackers to execute arbitrary SQL commands on WordPress sites using the WP Video Gallery plugin. It affects all WordPress installations with the plugin version 1.7.1 or earlier, potentially leading to data theft, manipulation, or site compromise.
💻 Affected Systems
- WP Video Gallery WordPress plugin
📦 What is this software?
Wp Video Gallery Free by Wp Video Gallery Free Project
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise, including sensitive data exfiltration, privilege escalation, or remote code execution via SQL injection.
Likely Case
Unauthorized access to or modification of plugin-related data, such as video metadata or user information stored in the database.
If Mitigated
Limited impact if the plugin is disabled or patched, but residual risk if other vulnerabilities exist.
🎯 Exploit Status
Exploitation is straightforward because the vulnerable AJAX actions accept input without sanitization and can be reached without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.2 or later
Vendor Advisory: https://wpscan.com/vulnerability/7a3eed3b-c643-4e24-b833-eba60ab631c5
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP Video Gallery and update to version 1.7.2 or later.
4. Verify the update completes successfully.
🔧 Temporary Workarounds
Disable the plugin
Temporarily deactivate the WP Video Gallery plugin to prevent exploitation until patching is possible.
wp plugin deactivate wp-video-gallery
Restrict AJAX access
Use a web application firewall (WAF) or .htaccess rules to block unauthorized access to the vulnerable AJAX endpoint. Match on the plugin's specific `action` parameter rather than on /wp-admin/admin-ajax.php as a whole, since WordPress core and other plugins rely on that endpoint.
# Example .htaccess rule: deny requests to admin-ajax.php whose action parameter is the vulnerable plugin action (substitute the plugin's action name; it is not listed in this advisory)
🧯 If You Can't Patch
- Disable the WP Video Gallery plugin immediately to eliminate the attack surface.
- Implement network segmentation and strict access controls to limit exposure of the vulnerable system.
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in WordPress admin under Plugins > Installed Plugins; if WP Video Gallery is version 1.7.1 or earlier, it is vulnerable.
Check Version:
wp plugin get wp-video-gallery --field=version
Verify Fix Applied:
After updating, confirm the plugin version is 1.7.2 or later in the WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries or errors in WordPress or database logs related to the wp_video_gallery table or AJAX actions.
Network Indicators:
- HTTP requests to /wp-admin/admin-ajax.php with parameters indicative of SQL injection attempts.
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND ("wp_video_gallery" OR "sql" OR "injection")
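The log and network indicators above, applied in code as an added example that is not part of this advisory: a small Python scanner that reads Apache combined-format access-log lines and flags requests to /wp-admin/admin-ajax.php whose decoded query parameters contain SQL metacharacters or keywords, then counts alerts per source IP for triage. The sample log lines are constructed, and the AJAX action name `example_action` is a placeholder because the advisory does not identify the plugin's real action.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample access-log lines (Apache combined format), not real traffic.
# "example_action" is a placeholder: the advisory does not name the plugin's AJAX action.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2022:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2022:12:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=example_action&id=3%27%20OR%201%3D1--%20 HTTP/1.1" 200 2048
203.0.113.9 - - [10/Mar/2022:12:00:03 +0000] "GET /index.php?p=1%27 HTTP/1.1" 200 900
203.0.113.7 - - [10/Mar/2022:12:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=example_action&id=3%20UNION%20SELECT%201 HTTP/1.1" 500 0
"""

# Request line inside the quoted part of a combined-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Coarse SQL injection signature: quote/comment metacharacters or common SQL keywords.
SQLI_RE = re.compile(r"""(?i)(['"]|--|/\*)|\b(union|select|sleep|benchmark|or\s+\d+\s*=\s*\d+)\b""")


def suspicious_params(target):
    """Return [(name, decoded value)] for admin-ajax.php query params that look injected."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return []  # only the WordPress AJAX endpoint is in scope for this indicator
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote_plus(value)  # second decode pass catches double-encoded payloads
        if SQLI_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(text):
    """Return one alert dict per log line whose admin-ajax.php parameters match SQLI_RE."""
    alerts = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line; skip rather than guess
        hits = suspicious_params(match.group("target"))
        if hits:
            alerts.append({"line": lineno, "ip": line.split(" ", 1)[0],
                           "method": match.group("method"), "params": hits})
    return alerts


def alerts_by_ip(alerts):
    """Count alerts per source IP so repeat sources stand out for blocking or triage."""
    counts = {}
    for alert in alerts:
        counts[alert["ip"]] = counts.get(alert["ip"], 0) + 1
    return counts
```

Run `scan_log` over a real access log and feed `alerts_by_ip` into a WAF block list or ticket; the signature is deliberately coarse, so review matches before acting on them.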