WordPress PhotoStack Gallery plugin <= 0.4.1 - Unauthenticated SQL Injection via 'postid' Parameter vulnerability

Unauthenticated SQL Injection via 'postid' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin PhotoStack Gallery versions = 0.4.1...

CVE-2026-2024

The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2026-2024

The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2026-2024 PhotoStack Gallery <= 0.4.1 - Unauthenticated SQL Injection via 'postid' Parameter

The PhotoStack Gallery plugin for WordPress is vulnerable to SQL Injection via the 'postid' parameter in all versions up to, and including, 0.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2026-2024

The CVE-2026-2024 entry concerns the PhotoStack Gallery WordPress plugin. Affected software: PhotoStack Gallery (WordPress plugin) up to version 0.4.1. Vulnerable component: the SQL query handling for the postid parameter, due to insufficient escaping of user input and lack of proper query parame...

WordPress plugin PhotoStack Gallery SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...