Critical Vulnerability Found in Envira Photo Gallery Plugin & How to Protect Your Site

Feb 27, 2020

Envira Photo Gallery Plugin allows you to create a beautiful, responsive photo and video gallery for a WordPress site in minutes. This means that your image gallery will always look great on all devices (mobile devices, tablets, laptops, and computers).

The developer of the Envira Photo Gallery plugin has reported finding a cross-site scripting (XSS) vulnerability in their plugin. It's a vulnerability that could allow an attacker to inject malicious code (usually HTML or JavaScript) into site content. Anyone who views an infected page of the site will also be affected.

But don’t worry. The developer has released a patch. All you need to do is update the plugin right away. 

Are You Affected By This Vulnerability?

If your website is running version 1.7.6 of Envira Photo Gallery for WordPress, then you might be affected by this vulnerability.

How Do You Know the Version?

Log in to your WordPress dashboard and go to Plugins. The version is mentioned in the description of the Envira Photo Gallery plugin.

 

How Does Stored XSS Vulnerability Affect Your Website?

In a cross-site scripting (XSS) attack, hackers exploit vulnerable input fields like the comment section or contact form.

Suppose you have a contact form plugin enabled on your site for visitors to contact you. Contact forms should not accept JavaScript code, but suppose a vulnerability in the contact form allowed it to accept the code. In that case, hackers can easily exploit the vulnerability to gain access to your website.

Once a hacker gains access to the site, they could use the site to execute malicious activities like redirecting the visitor to other malicious sites, sending out spam emails, attacking other websites, using black hat SEO techniques to rank their own products (recommended read – pharma hack), etc.

If Google learns about these malicious activities, it can blacklist the site, and the hosting provider can suspend the site until it's fixed.

But you can protect your website against this type of vulnerability.

How to Protect Your Website From Envira Gallery Vulnerability?

There are two steps that you can take to protect your WordPress website against the Envira Gallery vulnerability:

1. Update the Envira Gallery Plugin (Mandatory)

The developer of the plugin has released an update that’ll fix the vulnerability. Hence update the plugin right away. (Recommended read – How to Update a WordPress Website Safely?)

2. Enable X-XSS HTTP Security Headers

Another way to protect your website from the vulnerability is to enable the X-XSS-Protection HTTP security header on your WordPress website. Once it's enabled, a browser that detects an XSS attempt on a page simply won't load that page. To learn more about the header and how to implement it, check out our guide on X-XSS Protection WordPress.
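To confirm the header is actually being sent once you enable it, the following added example (not part of the original guide or MalCare's code) classifies the X-XSS-Protection value in a block of response headers, such as the output of `curl -sI`. The function names and sample responses are constructed for illustration.

```python
from email.parser import Parser

HEADER = "X-XSS-Protection"

def classify(value: str) -> str:
    """Map one header value to: block, filter-only, disabled, or invalid."""
    parts = [p.strip().lower() for p in value.split(";") if p.strip()]
    if not parts or parts[0] not in ("0", "1"):
        return "invalid"
    if parts[0] == "0":
        return "disabled"  # the browser filter is explicitly switched off
    # "1" alone asks the browser to sanitize the page; only mode=block
    # tells it to refuse to render the page at all.
    return "block" if "mode=block" in parts[1:] else "filter-only"

def audit(raw_headers: str) -> str:
    """Classify the header in a raw response header block."""
    lines = raw_headers.strip().splitlines()
    if lines and lines[0].upper().startswith("HTTP/"):
        lines = lines[1:]  # drop the status line, it is not a header
    msg = Parser().parsestr("\n".join(lines), headersonly=True)
    values = msg.get_all(HEADER) or []  # header lookup is case-insensitive
    if not values:
        return "missing"
    verdicts = {classify(v) for v in values}
    # The header sent twice with different values (for example by a plugin
    # and by the web server config) is ambiguous, so flag it for review.
    return verdicts.pop() if len(verdicts) == 1 else "conflicting"

# Constructed sample responses (not captured from a real site)
SAMPLES = {
    "hardened": "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n"
                "X-XSS-Protection: 1; mode=block\r\n\r\n",
    "filter": "HTTP/1.1 200 OK\r\nx-xss-protection: 1\r\n\r\n",
    "disabled": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n\r\n",
    "missing": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "conflict": "HTTP/1.1 200 OK\r\nX-XSS-Protection: 0\r\n"
                "X-XSS-Protection: 1; mode=block\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {audit(raw)}")
```

The header only has an effect in browsers that implement an XSS filter, so it complements the plugin update rather than replacing it.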

Has Your WordPress Site Already Been Hacked?

Wondering if your website has already been hacked?

To be sure, you can scan your website with our WordPress Security Plugin.

1. Install MalCare into your website.

2. Then from the left-hand menu on your WordPress dashboard, select MalCare.

3. Next, enter your email ID, select Malware Scan and click on the Scan Site button. MalCare will begin scanning your website immediately.

 

If the plugin detects malware on your site then you can go ahead and clean the website using the same plugin.

MalCare has an instant cleaner, but you'll need to upgrade to clean your website.

4. To clean your website all you need to do is click on the Auto-Clean button and the plugin will begin cleaning your website.

 

MalCare will take a few minutes to clean your hacked website.

Final Thoughts 

We really hope that the article helped you secure your website. But you need to take measures to ensure that your website remains safe from vulnerable plugins and hack attacks in the future.

Therefore, install a WordPress security plugin like MalCare to keep your website protected.

MalCare helps you regularly keep your website updated. It comes with a firewall and login protection measures that protect your site from brute force attacks. Moreover, it scans your website daily and alerts you if your site is hacked before it gets blacklisted by Google or suspended by your hosting provider.

Try MalCare Security Plugins Now! 
