WordPress Plugin Vulnerabilities

Portfolio Gallery < 1.1.9 - SQL Injection

Description

The plugin does not sanitize and escape some parameters before using them in an SQL Query, allowing low users, with roles as low as subscriber, to execute arbitrary SQL statements.

Affects Plugins

Plugin icon
portfolio-gallery
Fixed in 1.1.9

References

CVE
CVE-2014-125101
URL
https://vuldb.com/?ctiid.230085
URL
https://github.com/wp-plugins/portfolio-gallery/commit/58ed88243e17df766036f4857041edaf358076d3

Miscellaneous

Original Researcher
VulDB GitHub Commit Analyzer
Verified
No
WPVDB ID
8a3a58db-539a-4004-b45a-faa8470d6cc1

Timeline

Publicly Published
2014-09-19 (about 11 years ago)
Added
2023-05-29 (about 2 years ago)
Last Updated
2023-05-29 (about 2 years ago)

Other

Published
Title
Published
2025-01-29
Title
WooCommerce Wishlist < 1.8.8 - Unauthenticated Wishlist Disclosure via download_pdf_file Function
Published
2025-03-11
Title
BP Email Assign Templates <= 1.6 - Missing Authorization to Authorization Bypass
Published
2026-01-15
Title
Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit < 5.1.6 - Missing Authorization to Unauthenticated Rede Order Logs Deletion
Published
2023-11-28
Title
WP Forms Puzzle Captcha <= 4.1 - Captcha Bypass
Published
2018-06-27
Title
WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion