CVE-2014-8375

Name of the Vulnerable Software and Affected Versions GB Gallery Slideshow plugin version 1.5

Description The issue allows remote administrators to execute arbitrary SQL commands. This is achieved by exploiting the selected group parameter in a gb ajax get group action to the "/wp-admin/admin-ajax.php" API endpoint.

Recommendations For GB Gallery Slideshow plugin version 1.5, avoid using the selected group parameter in the /wp-admin/admin-ajax.php API endpoint until the issue is resolved. Consider temporarily restricting access to the gb ajax get group action to minimize the risk of exploitation.