SQL Injection Vulnerability in Categorized Gallery Plugin for WordPress
CVE-2024-13676
6.5MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 19 February 2025
What is CVE-2024-13676?
The Categorized Gallery Plugin for WordPress is susceptible to SQL Injection caused by inadequate escaping on the 'field' parameter of the 'image_gallery' shortcode. All versions up to and including 2.0 are affected, allowing authenticated users with Contributor-level access to inject arbitrary SQL queries. This flaw can lead to unauthorized data extraction from the database, posing significant security risks.
Affected Version(s)
Categorized Gallery Plugin * <= 2.0