SQL Injection Vulnerability in Unite Gallery Lite Plugin for WordPress
CVE-2015-9446

8.8HIGH

Key Information:

Vendor

Wordpress
Status
Unite Gallery Lite
Vendor
CVE Published:
26 September 2019

What is CVE-2015-9446?

The Unite Gallery Lite plugin for WordPress is susceptible to an SQL injection vulnerability that can be exploited via the data[galleryID] parameter. This flaw allows attackers to send crafted requests to wp-admin/admin-ajax.php, potentially leading to unauthorized access to sensitive data or manipulation of the database. Users of the plugin are strongly advised to update to the latest version to mitigate this risk.

References

https://wpvulndb.com/vulnerabilities/8113
x_refsource_MISC
https://wordpress.org/plugins/unite-gallery-lite/#developers
x_refsource_MISC
http://packetstormsecurity.com/files/132842/
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.