WordPress Plugin Vulnerabilities

Gallery Photo Gallery < 1.0.1 - SQL Injection

Description

The Gallery – Photo Gallery WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
gallery-photo-gallery
Fixed in 1.0.1

References

CVE
CVE-2016-10921

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Verified
No
WPVDB ID
454fa092-8747-4483-b4d9-fdea4358c8fe

Timeline

Publicly Published
2016-07-11 (about 9 years ago)
Added
2019-08-22 (about 6 years ago)
Last Updated
2020-11-28 (about 5 years ago)

Other

Published
Title
Published
2016-12-12
Title
WP Support Plus Responsive Ticket System < 8.0.0 – Authenticated SQL Injection
Published
2026-01-27
Title
VidShop – Shoppable Videos for WooCommerce < 1.1.5 - Unauthenticated Time-Based SQL Injection via 'fields'
Published
2014-08-01
Title
Event Registration <= 5.43 - SQL Injection
Published
2024-06-04
Title
LifterLMS – WordPress LMS Plugin for eLearning < 7.6.3 - Authenticated (Contributor+) SQL Injection via Shortcode
Published
2015-12-15
Title
WP Polls < 2.72 - SQL Injection