WordPress Plugin Vulnerabilities

Social Photo Gallery <= 1.0 - Remote Code Execution (RCE)

Description

The Social Photo Gallery WordPress plugin was affected by a Remote Code Execution (RCE) security vulnerability.

Affects Plugins

Plugin icon
social-photo-gallery
No known fix

References

CVE
CVE-2019-14467
URL
https://packetstormsecurity.com/files/#155357/
URL
https://seclists.org/fulldisclosure/2019/Nov/13

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
7.8 (high)

Miscellaneous

Verified
No
WPVDB ID
6d152aed-ec1c-41c4-a593-dedde9ab55d7

Timeline

Publicly Published
2019-11-13 (about 6 years ago)
Added
2019-11-15 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-05-07
Title
Ultimate Member <= 2.10.3 - Admin+ Arbitrary Function Call
Published
2023-03-20
Title
JetEngine < 3.1.3.1 - Author+ Remote Code Execution
Published
2024-10-14
Title
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.122 - Authenticated (Editor+) Remote Code Execution
Published
2014-05-11
Title
Formidable Forms Pro < 1.06.03 - Arbitrary File Upload via ofc_upload_image.php
Published
2025-08-14
Title
Add Custom Codes < 5.0 - Authenticated (Contributor+) Remote Code Execution