Vulnerability Details CVE-2022-0826
The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users
Exploit prediction scoring system (EPSS) score
EPSS Score 0.73
EPSS Ranking 98.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2022-0826
-
cpe:2.3:a:wp-video-gallery-free_project:wp-video-gallery-free:*