Critical Vulnerability Found in Envira Photo Gallery Plugin & How to Protect Your Site
The Envira Photo Gallery plugin lets you create a beautiful, responsive photo and video gallery for a WordPress site in minutes. Being responsive means that your image gallery will always look great on all devices (mobile devices, tablets, laptops, and computers).
But don’t worry. The developer has released a patch. All you need to do is update the plugin right away.
Are You Affected By This Vulnerability?
If your website is running version 1.7.6 of Envira Photo Gallery for WordPress, then you might be affected by this vulnerability.
How Do You Know the Version?
Log in to your WordPress dashboard and go to Plugins. The version is shown in the description of the Envira Photo Gallery plugin.
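If you have file or SSH access to the server, the same version check can be scripted by reading the standard WordPress plugin header instead of opening the dashboard. This is an added example, not code from the plugin or from MalCare; the directory names and sample headers are constructed, and it flags only 1.7.6 because that is the only version this article names.

```python
import re
import tempfile
from pathlib import Path

AFFECTED_VERSION = "1.7.6"  # the release this article names as affected
HEADER_BYTES = 8192         # WordPress reads plugin headers from the first 8 KB only

def header_field(text, name):
    """Return one 'Name: value' field of a plugin header comment, or None."""
    m = re.search(r"^[ \t/*#@]*" + re.escape(name) + r":(.*)$", text, re.I | re.M)
    # Drop a trailing '*/' or '?>' that shares the line with the value.
    return re.sub(r"\s*(?:\*/|\?>).*", "", m.group(1)).strip() if m else None

def envira_versions(plugins_dir):
    """Map every plugin main file whose name mentions Envira to its Version."""
    root, found = Path(plugins_dir), {}
    for php in sorted(root.glob("*/*.php")):
        head = php.read_bytes()[:HEADER_BYTES].decode("utf-8", "replace")
        name = header_field(head, "Plugin Name")
        if name and "envira" in name.lower():
            found[php.relative_to(root).as_posix()] = header_field(head, "Version")
    return found

def verdict(version):
    """Classify a version string against the release the article flags."""
    if version is None:
        return "unknown: no Version header, inspect manually"
    if version == AFFECTED_VERSION:
        return "update now"
    return "not 1.7.6: confirm it is the latest release"

def demo():
    """Run the check over a constructed plugins directory (sample data)."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {  # constructed directory names and headers, not real installs
            "envira-gallery-lite/envira-gallery-lite.php":
                "<?php\n/**\n * Plugin Name: Envira Gallery Lite\n * Version: 1.7.6\n */\n",
            "envira-old/envira.php": "<?php\n/* Plugin Name: Envira Gallery */\n",
            "contact-form/contact-form.php": "<?php\n/*\nPlugin Name: Contact Form\nVersion: 2.0\n*/\n",
        }
        for rel, body in samples.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True)
            path.write_text(body, encoding="utf-8")
        return {f: verdict(v) for f, v in envira_versions(tmp).items()}

if __name__ == "__main__":
    for plugin_file, result in demo().items():
        print(f"{plugin_file}: {result}")
```

On a real site, call `envira_versions()` with the path to `wp-content/plugins`.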
How Does Stored XSS Vulnerability Affect Your Website?
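In a cross-site scripting (XSS) attack, hackers exploit vulnerable input fields such as the comment section or a contact form. In the stored variant, the injected script is saved on the site and runs in the browser of anyone who views the affected page.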
Once a hacker gains access to the site, they could use the site to execute malicious activities like redirecting the visitor to other malicious sites, sending out spam emails, attacking other websites, using black hat SEO techniques to rank their own products (recommended read – pharma hack), etc.
But you can protect your website against this type of vulnerability.
How to Protect Your Website From Envira Gallery Vulnerability?
There are two steps that you can take to protect your WordPress website against the Envira Gallery vulnerability:
1. Update the Envira Gallery Plugin (Mandatory)
The developer of the plugin has released an update that fixes the vulnerability. Update the plugin right away. (Recommended read – How to Update a WordPress Website Safely?)
2. Enable X-XSS HTTP Security Headers
Another way to protect your website from the vulnerability is to enable X-XSS HTTP Security Headers on your WordPress website. Once the header is enabled, a browser that supports it simply won’t load the page when it detects a cross-site scripting attempt. To learn more about X-XSS HTTP Security Headers and how to implement them, check out our guide on X-XSS Protection WordPress.
Has Your WordPress Site Already Been Hacked?
Wondering if your website has already been hacked?
To be sure, you can scan your website with our WordPress Security Plugin.
1. Install MalCare on your website.
2. Then from the left-hand menu on your WordPress dashboard, select MalCare.
3. Next, enter your email ID, select Malware Scan and click on the Scan Site button. MalCare will begin scanning your website immediately.
If the plugin detects malware on your site, you can go ahead and clean the website using the same plugin.
MalCare has an instant cleaner, but you’ll need to upgrade to clean your website.
4. To clean your website, click on the Auto-Clean button and the plugin will begin cleaning your website.
MalCare will take a few minutes to clean your hacked website.
We really hope that the article helped you secure your website. But you need to take measures to ensure that your website remains safe from vulnerable plugins and hack attacks in the future.
Therefore, install a WordPress security plugin like MalCare to keep your website protected.
MalCare helps you regularly keep your website updated. It comes with a firewall and login protection measures that protect your site from brute force attacks. Moreover, it scans your website daily and alerts you if your site is hacked before it gets blacklisted by Google or suspended by your hosting provider.
Springzo is a WordPress enthusiast, and enjoys sharing their experience with fellow enthusiasts. On the MalCare blog, Springzo distils the wisdom gained from building plugins to solve security issues that admins face.