WordPress Plugin Vulnerabilities

Huge IT Image Gallery < 1.9.0 - Unauthenticated SQL Injection

Description

The gallery-images WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
gallery-images
Fixed in 1.9.0

References

CVE
CVE-2016-11018
URL
http://10degres.net/cve-2016-11018-image-gallery-sql-injection/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Verified
No
WPVDB ID
24ef3c08-3b5c-4129-87eb-9965ff422ef4

Timeline

Publicly Published
2016-05-20 (about 9 years ago)
Added
2020-01-21 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-02-23
Title
Eagle Booking <= 1.3.4.3 - Authenticated (Subscriber+) SQL Injection
Published
2022-12-05
Title
Contest Gallery < 19.1.5 - Author+ SQL Injection
Published
2021-07-23
Title
Comment Highlighter <= 0.13 - Authenticated SQL Injection
Published
2023-05-30
Title
Tutor LMS < 2.2.0 - Unauthenticate SQL Injection
Published
2025-02-23
Title
WP Yelp Review Slider < 8.2 - Authenticated (Administrator+) SQL Injection