WordPress Plugin Vulnerabilities

wordpress-gallery-transformation 1.0 - Blind SQL Injection

Description

The wordpress-gallery-transformation WordPress plugin was affected by a Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
wordpress-gallery-transformation
No known fix

References

CVE
CVE-2017-1002028
URL
http://www.vapidlabs.com/advisory.php?v=199

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
582f1186-664e-48aa-9c5f-e8cd470e9dc5

Timeline

Publicly Published
2017-07-22 (about 8 years ago)
Added
2017-08-16 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2019-08-07
Title
JoomSport <= 3.3 - SQL Injection
Published
2026-03-16
Title
WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.31 - Authenticated (Subscriber+) SQL Injection
Published
2023-09-26
Title
Welcart e-Commerce < 2.8.22 - Editor+ SQL Injection
Published
2025-03-24
Title
WP Profitshare <= 1.4.9 - Authenticated (Editor+) SQL Injection
Published
2025-06-24
Title
Homey <= 2.4.5 - Unauthenticated SQL Injection