Unauthenticated SQL Injection in Huge-IT Gallery-Images Plugin

Unauthenticated SQL Injection in Huge-IT Gallery-Images Plugin

CVE-2016-11018 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback().

Learn more about our Wordpress Pen Testing.