WordPress · Portfolio Responsive Gallery · CVE-2021-24457
**Name of the Vulnerable Software and Affected Versions**
Portfolio Responsive Gallery WordPress plugin versions prior to 1.1.8
**Description**
The issue lies in the `get_portfolios()` and `get_portfolio_attributes()` functions of the Portfolio Responsive Gallery WordPress plugin. The `orderby` parameter is neither validated nor checked against a whitelist before it is placed into SQL statements, so a request can change the structure of the query rather than only its values. This allows a remote attacker to execute arbitrary SQL code, leading to SQL injection issues in the admin dashboard.
**Recommendations**
For versions prior to 1.1.8, update to version 1.1.8 or later to resolve the issue.
As a temporary workaround, consider restricting access to the `get_portfolios()` and `get_portfolio_attributes()` functions until a patch is available.
Avoid using the `orderby` parameter in the affected SQL statements until the issue is resolved.
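The following is an added illustration, not code from the plugin or from the advisory, of the defect class described above and of the whitelist-based fix the description implies. It assumes a hypothetical table name (`wp_portfolio_items`) and hypothetical column names; the function names `build_portfolio_query_vulnerable`, `build_portfolio_query_hardened`, `safe_orderby` and `safe_order` are also assumptions chosen for this example. The key point it shows is that `ORDER BY` takes an identifier, which cannot be bound as a prepared-statement parameter, so the only sound defence is to map the request value onto a fixed set of permitted columns and directions.

```php
<?php
// Added illustration (not the plugin's code). Table and column names below
// are assumed for the example.

// Vulnerable shape: the request-controlled $orderby and $order strings are
// interpolated straight into the ORDER BY clause. Identifiers cannot be bound
// with $wpdb->prepare() placeholders, and nothing here validates them, so the
// caller controls the structure of the query.
function build_portfolio_query_vulnerable(string $table, string $orderby, string $order): string
{
    return "SELECT * FROM {$table} ORDER BY {$orderby} {$order}";
}

// Hardened helper: resolve the requested sort key against an explicit
// allow-list. Unknown or empty values fall back to the default key, so only
// identifiers written in this file can ever reach the SQL string.
function safe_orderby(?string $requested, array $allowed, string $default): string
{
    $key = strtolower(trim((string) $requested));
    return array_key_exists($key, $allowed) ? $allowed[$key] : $allowed[$default];
}

// Hardened helper: the direction is a two-value choice, so anything that is
// not exactly DESC becomes ASC.
function safe_order(?string $requested): string
{
    return strtoupper(trim((string) $requested)) === 'DESC' ? 'DESC' : 'ASC';
}

// Hardened shape: same query, but the ORDER BY clause is assembled only from
// whitelisted identifiers.
function build_portfolio_query_hardened(string $table, ?string $orderby, ?string $order): string
{
    // Request keys on the left, the exact SQL identifier emitted on the right
    // (assumed column names for this example).
    $allowed = [
        'id'    => 'id',
        'title' => 'title',
        'date'  => 'created_at',
    ];
    $col = safe_orderby($orderby, $allowed, 'id');
    $dir = safe_order($order);
    return "SELECT * FROM {$table} ORDER BY `{$col}` {$dir}";
}

// Demonstration with constructed inputs: a valid sort, an unknown column that
// falls back to the default, and missing parameters.
$table = 'wp_portfolio_items'; // assumed table name
$samples = [
    ['title', 'desc'],
    ['not_a_column', 'sideways'],
    [null, null],
];
foreach ($samples as [$requestedColumn, $requestedDirection]) {
    echo build_portfolio_query_hardened($table, $requestedColumn, $requestedDirection), PHP_EOL;
}
```

In a real plugin the hardened builder would be called with `$wpdb->prefix . 'portfolio_items'` and the result passed to `$wpdb->get_results()`. WordPress also ships `sanitize_sql_orderby()`, but it only checks that a string looks like a comma-separated list of column names with optional ASC/DESC; it does not know which columns exist or are meant to be sortable, so an explicit allow-list like the one above remains the stronger control.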