CVE-2014-5201

Name of the Vulnerable Software and Affected Versions Gallery Objects plugin version 0.4 for WordPress

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the viewid parameter in a go view object action to the /wp-admin/admin-ajax.php API endpoint.

Recommendations For Gallery Objects plugin version 0.4, consider disabling the go view object action or restricting access to the /wp-admin/admin-ajax.php API endpoint until a patch is available. Avoid using the viewid parameter in the affected API endpoint until the issue is resolved.