WordPress Plugin Vulnerabilities

Photo Gallery < 1.6.3 - Unauthenticated SQL Injection

Description

The plugin does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.

Proof of Concept

Affects Plugins

Plugin icon
photo-gallery
Fixed in 1.6.3

References

CVE
CVE-2022-1281

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
8.6 (high)

Miscellaneous

Original Researcher
ZhongFu Su(JrXnm) of Wuhan University
Submitter
ZhongFu Su(JrXnm) of Wuhan University
Submitter website
https://blog.szfszf.top
Submitter twitter
JrXnm
Verified
Yes
WPVDB ID
2b4866f2-f511-41c6-8135-cf1e0263d8de

Timeline

Publicly Published
2022-04-11 (about 3 years ago)
Added
2022-04-11 (about 3 years ago)
Last Updated
2022-09-26 (about 3 years ago)

Other

Published
Title
Published
2022-12-05
Title
Contest Gallery < 19.1.5 - Admin+ SQL Injection
Published
2024-06-10
Title
Blog2Social: Social Media Auto Post & Scheduler < 7.4.2 - Authenticated (Subscriber+) SQL Injection
Published
2014-08-01
Title
Contus Video Gallery 2.0 & 1.6 - SQL Injection
Published
2025-07-24
Title
WooCommerce Point Of Sale (POS) <= 1.4 - Authenticated (Subscriber+) SQL Injection
Published
2014-08-01
Title
Global Flash Galleries - popup.php id Parameter SQL Injection