SQL Injection Vulnerability in Vertical Scroll Slideshow Gallery by Gopiplus
CVE-2025-49897

8.5HIGH

Key Information:

Vendor: WordPress
Status: Vertical Scroll Slideshow Gallery V2
Vendor: CVE Published:; 15 August 2025

What is CVE-2025-49897?

A vulnerability in the Vertical Scroll Slideshow Gallery by Gopiplus allows for Blind SQL Injection due to improper handling of special elements in SQL commands. This issue affects all versions from an unspecified release up through version 9.1. Exploiting this vulnerability can allow an attacker to manipulate database queries, potentially compromising sensitive data or leading to further attacks on the underlying infrastructure.

Affected Version(s)

Vertical scroll slideshow gallery v2 <= 9.1

References

https://patchstack.com/database/wordpress/plugin/vertical...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

Peter Thaleikis (Patchstack Alliance)