WordPress Plugin Vulnerabilities

Gallery Bank < 3.0.330 - Authenticated Blind SQL Injection

Description

The WordPress Photo Gallery Plugin by Gallery Bank WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
gallery-bank
Fixed in 3.0.330

References

URL
http://cinu.pl/research/wp-plugins/mail_d0a214b641a25deb453620ba181aab28.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
d7ef09ab-224c-4d5d-9802-58aecc548ac7

Timeline

Publicly Published
2015-08-21 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2024-01-18
Title
Stripe Payment Plugin for WooCommerce < 3.8.0 - Unauthenticated SQL Injection
Published
2021-11-15
Title
Quotes Collection <= 2.5.2 - Admin+ SQL Injection
Published
2024-07-08
Title
OSM – OpenStreetMap < 6.0.4 - Contributor+ SQL Injection
Published
2025-06-05
Title
Store Locator WordPress < 1.5.2 - Authenticated (Administrator+) SQL Injection
Published
2025-02-20
Title
Pinpoint Booking System – #1 WordPress Booking Plugin < 2.9.9.6.0 - Authenticated (Subscriber+) SQL Injection