Critical severity9.8NVD Advisory· Published May 2, 2022· Updated Jun 17, 2026
CVE-2022-1281
CVE-2022-1281
Description
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Photo Gallery WordPress plugindescription
- Range: <=1.6.3
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.phpnvdPatchThird Party Advisory
- wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8denvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.