CVE-2026-57642
HighCVSS 8.5Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
The Gallery plugin for WordPress versions 4.7.8 and earlier contains a SQL injection vulnerability in the Contributor function. This allows an attacker with contributor privileges to execute unauthorized database queries.
Risk Assessment
An attacker can read, modify, or delete data from the WordPress database, potentially leading to admin account takeover, sensitive information leakage, or full site compromise.
Recommendation
Immediately update the Gallery plugin to the latest available version that fixes this vulnerability. If no update is available, temporarily disable the plugin or restrict contributor permissions.
Original NVD description (English source)
Contributor SQL Injection in Gallery <= 4.7.8 versions.

