WordPress Plugin Vulnerabilities

Photo Gallery by 10Web <= 1.5.30 - SQL Injection

Description

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
photo-gallery
Fixed in 1.5.31

References

CVE
CVE-2019-14313
URL
https://fortiguard.com/zeroday/FG-VD-19-101
URL
https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Tin Duong of Fortinet's FortiGuard Labs
Verified
No
WPVDB ID
9d64f953-76a7-4aca-ab7b-2e2704b96642

Timeline

Publicly Published
2019-07-26 (about 6 years ago)
Added
2019-07-26 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-03-02
Title
Calculated Fields Form < 1.0.12 - SQL Injection via CSRF
Published
2019-03-15
Title
Better Search 2.2.2 - Unauthenticated SQL Injection
Published
2023-07-20
Title
Onepage Builder <= 2.4.1 - Admin+ SQLi
Published
2014-08-01
Title
myftp-ftp-like-plugin-for-wordpress v2 - SQL Injection
Published
2021-06-16
Title
Filebird 4.7.3 - Unauthenticated SQL Injection