Vimeo SimpleGallery Plugin Vulnerability

MEDIUM (5.3) No Patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 7%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Vimeo SimpleGallery is a gallery plugin for WordPress. The advisory describes a missing authorization check: the plugin acts on a request's action parameter without verifying that the caller is allowed to change plugin settings, so any authenticated user, down to the Subscriber role, can modify arbitrary plugin settings. Subscriber is the default role WordPress assigns to self-registered accounts, so on a site with open registration the only precondition is an account. The impact is unauthorized changes to how the plugin renders content on the site; the advisory does not describe a path from settings changes to code execution or data theft.
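The following is an added illustration of the bug class the advisory describes, a settings handler that trusts an action parameter without an authorization check, beside a hardened version. It is constructed for this page and is not code from the Vimeo SimpleGallery plugin; the hook names, the `vsg_` option prefix, the `action`/`setting`/`value` parameter names and the allowed settings are all assumptions chosen for the example.

```php
<?php
/*
 * Constructed illustration of a missing-authorization settings handler.
 * NOT code from Vimeo SimpleGallery: hook names, option names and request
 * parameter names are assumptions made for this example.
 */

// --- Vulnerable pattern -----------------------------------------------------
// The only gate is "some user is logged in". The request's 'action' value both
// selects which option is written and carries no proof that the caller may
// manage settings, so a Subscriber can overwrite any 'vsg_*' option.
function vsg_example_vulnerable_handler() {
    if ( ! is_user_logged_in() || empty( $_POST['action'] ) ) {
        return;
    }
    if ( 0 === strpos( $_POST['action'], 'vsg_set_' ) ) {
        $option = substr( $_POST['action'], strlen( 'vsg_set_' ) );
        // Unchecked capability, no nonce, no allow-list, no sanitization.
        update_option( 'vsg_' . $option, $_POST['value'] );
    }
}
// Registered on 'init' so it fires for every logged-in request.
// Left commented out so this file never runs the vulnerable path.
// add_action( 'init', 'vsg_example_vulnerable_handler' );

// --- Hardened pattern -------------------------------------------------------
// Routed through admin-post.php: the 'action' parameter only selects this
// handler, it no longer names the option to write.
function vsg_example_hardened_handler() {
    // 1. Authorization: only users who may manage site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. CSRF protection: the form must carry a nonce for this action
    //    (wp_nonce_field( 'vsg_update_settings', 'vsg_nonce' ) on the form).
    check_admin_referer( 'vsg_update_settings', 'vsg_nonce' );

    // 3. Allow-list of settings, each paired with its own sanitizer.
    $allowed = array(
        'gallery_title' => 'sanitize_text_field',
        'per_page'      => 'absint',
    );
    $key = isset( $_POST['setting'] ) ? sanitize_key( wp_unslash( $_POST['setting'] ) ) : '';
    if ( ! isset( $allowed[ $key ] ) ) {
        wp_die( 'Unknown setting.', '', array( 'response' => 400 ) );
    }
    $raw   = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    $clean = call_user_func( $allowed[ $key ], $raw );
    update_option( 'vsg_' . $key, $clean );

    wp_safe_redirect( admin_url( 'options-general.php?page=vsg&updated=1' ) );
    exit;
}
// Fires only for logged-in POSTs to admin-post.php?action=vsg_update_settings.
add_action( 'admin_post_vsg_update_settings', 'vsg_example_hardened_handler' );
```

The three checks in the hardened handler address different failures: `current_user_can` closes the privilege gap the advisory describes, `check_admin_referer` stops an administrator from being tricked into making the change from another site, and the allow-list keeps a request from naming an option the plugin never intended to expose.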

Am I affected?

You're affected if you run Vimeo SimpleGallery at any version below 0.3, the fix version named below. The advisory does not state the affected range more precisely, so treat every older install as vulnerable. The installed version is shown under the plugin's entry on the Plugins page of the WordPress dashboard.

Affected Products

Automattic / Vimeo SimpleGallery

How to fix

Upgrade to Vimeo SimpleGallery version 0.3 or later:

  1. Log in to the WordPress dashboard and go to the Plugins page.
  2. Find Vimeo SimpleGallery in the installed list. If an update is available, an "update now" link is shown under the plugin; click it.
  3. When the update finishes, confirm the version shown for the plugin is 0.3 or later.
  4. If no update is offered, deactivate the plugin until a fixed release is available to you.

If you cannot upgrade immediately, reduce exposure until you can:

  • Deactivate the plugin; the vulnerable settings handler only runs while the plugin is active.
  • Close the Subscriber-level entry point: turn off "Anyone can register" (Settings > General) unless the site needs self-registration, and review accounts created recently, since a Subscriber account is all an attacker needs.
  • Review the plugin's settings for changes you did not make, and log or alert on writes to its options by users who lack the manage_options capability.
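The last mitigation, alerting on settings changes made by users who should not be able to make them, can be implemented as a small must-use plugin. The following is an added example written for this page, not part of Vimeo SimpleGallery or of WordPress core. It assumes the plugin stores its settings under a `vsg_` option-name prefix; that prefix is a guess and must be replaced with the real one from your wp_options table.

```php
<?php
/*
 * Plugin Name: VSG option-change audit (added example)
 * Description: Logs writes to a plugin's options by users who lack
 * manage_options. Not part of Vimeo SimpleGallery. Place this file in
 * wp-content/mu-plugins/ and it loads on every request.
 */

// ASSUMPTION: the plugin's settings live under this option-name prefix.
// Replace with the real prefix observed in your wp_options table.
define( 'VSG_AUDIT_OPTION_PREFIX', 'vsg_' );

/**
 * Log a write to one of the plugin's options unless an administrator made it.
 * Runs on 'updated_option' ($option, $old, $new) and, via the wrapper below,
 * on 'added_option' ($option, $value).
 */
function vsg_audit_option_change( $option, $old_value, $new_value ) {
    if ( 0 !== strpos( $option, VSG_AUDIT_OPTION_PREFIX ) ) {
        return;
    }
    // Legitimate settings changes come from someone who may manage options;
    // a write by anyone else is the symptom of the vulnerability.
    if ( current_user_can( 'manage_options' ) ) {
        return;
    }
    $user  = wp_get_current_user();
    $entry = array(
        'ts'     => gmdate( 'c' ),
        'option' => $option,
        // Writes from WP-Cron or WP-CLI show up as 'anonymous'; a logged-in
        // low-privilege user here is the case this advisory is about.
        'user'   => $user->ID ? $user->user_login : 'anonymous',
        'roles'  => $user->ID ? implode( ',', (array) $user->roles ) : '',
        'ip'     => isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '',
        'uri'    => isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '',
        'old'    => $old_value,
        'new'    => $new_value,
    );
    // Goes to PHP's error log, or wp-content/debug.log when WP_DEBUG_LOG is set.
    error_log( 'VSG_AUDIT ' . wp_json_encode( $entry ) );
}

function vsg_audit_option_add( $option, $value ) {
    vsg_audit_option_change( $option, null, $value );
}

add_action( 'updated_option', 'vsg_audit_option_change', 10, 3 );
add_action( 'added_option', 'vsg_audit_option_add', 10, 2 );
```

Each log line is a single JSON object prefixed with `VSG_AUDIT`, so it can be picked up by a log shipper with a plain substring match. The hook fires after the write has already happened; it records the change rather than preventing it, which is why it is a stop-gap alongside the upgrade, not a replacement for it.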