The WP Video Gallery WordPress plugin up to and including 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wp-video-gallery-free project wp-video-gallery-free |