CVE-2016-10921
Description
The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection vulnerability in gallery-photo-gallery plugin before 1.0.1 for WordPress allows unauthorized database access.
Vulnerability
The gallery-photo-gallery plugin for WordPress, versions before 1.0.1, contains a SQL injection vulnerability. The exact parameter is not disclosed in available references, but it allows attackers to inject arbitrary SQL queries via user input [1].
Exploitation
An attacker can exploit this vulnerability by sending crafted input to the vulnerable plugin endpoint. No authentication is required if the endpoint is publicly accessible. The attack does not require special privileges.
Impact
Successful exploitation leads to unauthorized access to the database, potentially allowing data extraction, modification, or deletion. This compromises the confidentiality and integrity of the WordPress site's data.
Mitigation
The vulnerability is fixed in version 1.0.1 of the plugin. Users should update to at least version 1.0.1 immediately. No workarounds are mentioned in the references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- WordPress/gallery-photo-gallerydescription
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- wordpress.org/plugins/gallery-photo-gallery/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.