WordPress Photo Gallery plugin <= 1.2.100 - SQL Injection
Because of this vulnerability, authenticated users can execute arbitrary SQL commands via "the ascordesc" parameter in the galleriesbwg page to wp-admin/admin.php. Solution Upgrade the plugin...