2 matches found
CVE-2026-7048 Photo Gallery by 10Web <= 1.8.40 - Authenticated (Contributor+) SQL Injection via 'order_by' Shortcode Attribute
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation o...
PT-2024-32622 · WordPress · Youzify – BuddyPress Community
Name of the Vulnerable Software and Affected Versions: The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress versions 1.2.5 and earlier
Description: The issue allows authenticated attackers with Contributor-level access and above to perform SQL Injecti...