CVE-2017-1002028

Name of the Vulnerable Software and Affected Versions wordpress-gallery-transformation version 1.0

Description The issue concerns an SQL injection flaw in the wordpress-gallery-transformation plugin. Specifically, the gallery.php file is vulnerable due to the $jpic parameter being unsanitized before being passed into an SQL query.

Recommendations For wordpress-gallery-transformation version 1.0, consider disabling the gallery.php file or restricting access to it until a patch is available to prevent potential SQL injection attacks via the $jpic parameter.