WordPress Plugin Vulnerabilities

Wordpress Video Gallery <= 2.7 - SQL Injection

Description

The contus-video-gallery WordPress plugin was affected by a SQL Injection security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
contus-video-gallery
Fixed in 2.8

References

CVE
CVE-2015-2065
Exploitdb
36058
URL
https://packetstormsecurity.com/files/#130371/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
71216adf-1301-49e4-9ee0-2abd794d1a47

Timeline

Publicly Published
2015-02-11 (about 11 years ago)
Added
2015-02-12 (about 11 years ago)
Last Updated
2020-03-02 (about 6 years ago)

Other

Published
Title
Published
2022-12-06
Title
Build App Online < 1.0.19 - Unauthenticated SQL Injection
Published
2026-01-07
Title
Ninja Tables < 5.2.5 - Authenticated (Contributor+) SQL Injection
Published
2026-03-23
Title
JetEngine < 3.8.6.2 - Unauthenticated SQL Injection via Listing Grid 'filtered_query' Parameter
Published
2015-04-23
Title
Ultimate Product Catalogue <= 3.1.2 - Unauthenticated SQL Injection
Published
2025-01-31
Title
MultiLoca - WooCommerce Multi Locations Inventory Management < 4.1.12 - Authenticated (Subscriber+) SQL Injection