Photo Gallery by 10Web <= 1.5.30 - SQL Injection

Affects Plugin

fixed in version 1.5.31

References

CVE 2019-14313
URL https://fortiguard.com/zeroday/FG-VD-19-101
URL https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Original Researcher Tin Duong of Fortinet's FortiGuard Labs
Views 2895
Verified No
WPVDB ID 9480

Timeline

Publicly Published 2019-07-26 (4 months ago)
Added 2019-07-26 (4 months ago)
Last Updated 2019-09-09 (2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin