WordPress Plugin Vulnerabilities

Photo Gallery <= 1.2.7 - Unauthenticated SQL injection

Description

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by an Unauthenticated SQL injection security vulnerability.

Affects Plugins

Plugin icon
photo-gallery
Fixed in 1.2.8

References

CVE
CVE-2015-1055
URL
https://packetstormsecurity.com/files/#129927/
URL
https://seclists.org/fulldisclosure/2015/Jan/36

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
5ba13c96-6b88-46c7-b366-d705cdf85551

Timeline

Publicly Published
2015-01-12 (about 11 years ago)
Added
2015-01-12 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2025-02-18
Title
LTL Freight Quotes – TForce Edition < 3.6.5 - Unauthenticated SQL Injection
Published
2023-01-23
Title
WP Review Slider < 12.2 - Subscriber+ SQLi
Published
2025-04-02
Title
Social Share And Social Locker <= 1.4.2 - Unauthenticated SQL Injection
Published
2025-03-07
Title
WP-Recall – Registration, Profile, Commerce & More < 16.26.12 - Unauthenticated SQL Injection
Published
2023-01-17
Title
MainWP Maintenance Extension < 4.1.2 - Subscriber+ SQL Injection (SQLi)