Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
PhotoStack Gallery plugin for WordPress risks exposing database secrets
CVE-2026-2024
Summary
The PhotoStack Gallery plugin for WordPress, used in websites with this plugin installed, is at risk of having its database contents exposed to unauthorized access. This is because the plugin does not properly protect against malicious user input. To fix this issue, update the plugin to a version newer than 0.4.1 or remove it altogether if it's no longer needed.
Original title
The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied p...
Original description
The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
nvd CVSS3.1
7.5
Vulnerability type
CWE-89
SQL Injection
- https://plugins.trac.wordpress.org/browser/photostack-gallery/trunk/photo_galler...
- https://plugins.trac.wordpress.org/browser/photostack-gallery/trunk/photo_galler...
- https://plugins.trac.wordpress.org/browser/photostack-gallery/trunk/photo_galler...
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9232b77e-e23f-4e91-8ea...
Published: 14 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026