cleantalk
Vulnerabilities and Security Researches

WP Easy Gallery – WordPress Gallery Plugin, 578e9c75aa771ef9002fc14ddc07eb2825d68687

CVE, Research URL

578e9c75aa771ef9002fc14ddc07eb2825d68687

Home page URL

Security reports for WP Easy Gallery – WordPress Gallery Plugin

Application

WP Easy Gallery – WordPress Gallery Plugin

Published on
Feb 18, 2013
Research Description
WP Easy Gallery &#8211; WordPress Gallery Plugin [wp-easy-gallery] < 2.7.1 (closed) WP Easy Gallery <= 2.7 - SQL Injection The WP Easy Gallery plugin for WordPress is vulnerable to generic SQL Injection via the 'galleryId' or 'select_gallery' parameters found in the ‘admin/edit-gallery.php’ file in versions up to, and including, 2.7 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated admin+ attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 2.7.1.
Status
vulnerable
Previous vulnerability researches
WP Easy Gallery &#8211; WordPress Gallery Plugin (399e63cace9d6fec4329f368506106982df2626a) , Jun 16, 2026
WP Easy Gallery &#8211; WordPress Gallery Plugin (b391f49e972c5077c63806ef3e1d146b58abe0de) , Jun 16, 2026
WP Easy Gallery &#8211; WordPress Gallery Plugin (28d6fa8e1d23b2838df0ad6bd50588ad2704d04b) , Jun 16, 2026
WP Easy Gallery &#8211; WordPress Gallery Plugin (dfd6073e9cb1a83bb2e78c40fb73b756268e128c) , Jun 16, 2026
WP Easy Gallery &#8211; WordPress Gallery Plugin (f55605a14004ca6c080eceedd992e8adb89d1740) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026