WordPress Plugin Vulnerabilities

Nextgen Gallery < 3.2.11 - SQL Injection

Description

The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
nextgen-gallery
Fixed in 3.2.11

References

CVE
CVE-2019-14314
URL
https://fortiguard.com/zeroday/FG-VD-19-099
URL
https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Tin Duong of Fortinet's FortiGuard Labs
Verified
No
WPVDB ID
01732835-90f6-48f2-8f51-a8a09c97b076

Timeline

Publicly Published
2019-08-27 (about 6 years ago)
Added
2019-08-27 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-01-17
Title
MainWP Google Analytics Extension < 4.0.5 - Subscriber+ SQLi
Published
2024-04-16
Title
WooCommerce Multilingual & Multicurrency with WPML < 5.3.4 - Shop Manager+ SQL Injection
Published
2017-10-03
Title
Relevanssi <= 3.6.0 - Authenticated Admin SQL Injection
Published
2021-10-20
Title
Download Monitor < 4.4.5 - Admin+ SQL Injection
Published
2014-08-01
Title
Leaflet Maps Marker - Tag Multiple Parameter SQL Injection