CVE-2015-9446

Name of the Vulnerable Software and Affected Versions unite-gallery-lite plugin versions prior to 1.5

Description The issue allows for SQL injection. This can be achieved through the data[galleryID] variable in the /wp-admin/admin-ajax.php API endpoint.

Recommendations For unite-gallery-lite plugin versions prior to 1.5, update to version 1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the /wp-admin/admin-ajax.php API endpoint to minimize the risk of exploitation. Avoid using the data[galleryID] variable in the affected API endpoint until the issue is resolved.