CVE-2021-24139

Summary

Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.

Affected Software

VendorProductVersion RangeStatus
UnknownPhoto Gallery by 10Web1.5.55 < 1.5.55affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References