Assistant for NextGEN Gallery WordPress Plugin Arbitrary Directory Deletion Vulnerability
Vulnerability
An arbitrary directory deletion vulnerability has been identified in the Assistant for NextGEN Gallery WordPress plugin, affecting all versions up to and including 1.0.9. The issue is caused by inadequate validation of the file path handled by the REST endpoint /wp-json/nextgenassistant/v1.0.0/control, which is reachable without authentication. As a result, unauthenticated attackers can delete arbitrary directories on the server, leading to a complete loss of availability.
Impact
Exploitation allows an unauthenticated attacker to delete any directory that the web server process has permission to remove, which on many installations includes wp-content with its plugin, theme and upload directories. The result is a complete loss of availability of the site.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /wp-json/nextgenassistant/v1.0.0/control endpoint with a destination path that contains directory traversal sequences such as ../. The plugin does not canonicalise this path or confirm that the result stays inside the directory it is meant to manage, so the deletion is carried out on directories outside the intended scope.
Remediation
No patched version is known to be available. Deactivate and uninstall the affected plugin and replace it with an alternative. Once the plugin is no longer active its REST routes are no longer registered; this can be confirmed by requesting /wp-json/nextgenassistant/v1.0.0/control and checking that WordPress answers with a rest_no_route error (HTTP 404). Until the plugin has been removed, block requests to that path at the web server or WAF.
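The check that this class of endpoint needs, as an added illustration written for this page and not code from the Assistant for NextGEN Gallery plugin or from any patched version of it: the caller-supplied destination is canonicalised with realpath(), which collapses ../ and follows symlinks, and is then accepted only if it lies strictly inside the directory tree the plugin owns. The function name resolve_inside_base, the demo directory layout under the system temp directory and the assumption that the plugin confines itself to a single base directory are all assumptions made for the example.

```php
<?php
// Added illustration, not code from the Assistant for NextGEN Gallery plugin.
// It shows the containment check a directory-deletion endpoint needs: the
// caller-supplied destination must resolve, after ".." and symlinks are
// followed, to a path strictly inside the directory tree the plugin owns.
// In WordPress the route should additionally be registered with a
// permission_callback (e.g. current_user_can('manage_options')) so that
// unauthenticated callers never reach this code at all.

/**
 * Return the canonical path of $dest if it lies inside $base, otherwise null.
 * A null result must be refused; that refusal is what stops "../" escaping.
 */
function resolve_inside_base(string $base, string $dest): ?string
{
    $realBase = realpath($base);
    if ($realBase === false || strpos($dest, "\0") !== false) {
        return null; // no usable base, or a NUL byte that would truncate the path
    }
    // Treat $dest as relative to $base even if it starts with a slash.
    $candidate = $realBase . DIRECTORY_SEPARATOR . ltrim($dest, '/\\');
    // realpath() collapses "." and "..", follows symlinks and fails for paths
    // that do not exist, which is exactly the canonicalisation we want.
    $real = realpath($candidate);
    if ($real === false) {
        return null; // nothing there to delete
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as ".../gallery-base2" is not mistaken for a child of ".../gallery-base",
    // and so that the base directory itself is refused as well.
    $prefix = rtrim($realBase, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null; // outside the base, or the base directory itself
    }
    return $real;
}

// Demo on a constructed layout under the system temp directory (assumption
// made for the example, not a path the plugin uses):
//   <tmp>/gallery-base/album1                    legitimate target
//   <tmp>/outside                                must never be reachable
//   <tmp>/gallery-base/escape -> <tmp>/outside   symlink pointing outside
$tmp  = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'nga-demo-' . getmypid();
$base = $tmp . DIRECTORY_SEPARATOR . 'gallery-base';
mkdir("$base/album1", 0700, true);
mkdir("$tmp/outside", 0700, true);
@symlink("$tmp/outside", "$base/escape"); // may fail on Windows; the case then resolves to nothing

$cases = [
    'album1'               => 'inside the base: allowed',
    '../outside'           => 'plain ../ traversal',
    'album1/../../outside' => 'traversal through a real subdirectory',
    'escape'               => 'symlink that points outside',
    '.'                    => 'the base directory itself',
    'album1/missing'       => 'nonexistent target',
];
foreach ($cases as $dest => $why) {
    $resolved = resolve_inside_base($base, $dest);
    printf("%-24s %-40s -> %s\n", var_export($dest, true), $why,
        $resolved === null ? 'REFUSED' : 'delete ' . $resolved);
}
// Only a non-null result would be handed to the recursive delete routine.

// Remove the constructed layout again.
@unlink("$base/escape");
rmdir("$base/album1");
rmdir($base);
rmdir("$tmp/outside");
rmdir($tmp);
```

Only the first case ('album1') yields a path; every other case is refused, including the symlink and the base directory itself. Canonicalising before the prefix comparison is the important step: a check that merely looks for the literal string ../ in the input misses encoded variants, absolute paths and symlinks, whereas comparing the realpath() result against the base catches all of them.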
