ThreatPress

WordPress Vulnerabilities Database

WordPress Nextgen Gallery plugin <= 3.2.8 - SQL Injection vulnerability

Product
NextGEN Gallery
Description
An SQL Injection vulnerability was found by Tin Duong (Fortinet FortiGuard Labs) in the WordPress Nextgen Gallery plugin (versions <= 3.2.8).
Solution
Update the WordPress Nextgen Gallery plugin to the latest available version (at least 3.2.10).
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
Plugin changelog
CVE
Name: CVE-2019-14314
Versions
Affected In: <= 3.2.8
Fixed In: 3.2.10
Disclosure date
2019-08-27
Credits
Tin Duong
Submitter
ThreatPress