CVE Catalog

CVE-2026-57642

HighCVSS 8.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

The Gallery plugin for WordPress versions 4.7.8 and earlier contains a SQL injection vulnerability in the Contributor function. This allows an attacker with contributor privileges to execute unauthorized database queries.

Risk Assessment

An attacker can read, modify, or delete data from the WordPress database, potentially leading to admin account takeover, sensitive information leakage, or full site compromise.

Recommendation

Immediately update the Gallery plugin to the latest available version that fixes this vulnerability. If no update is available, temporarily disable the plugin or restrict contributor permissions.

Original NVD description (English source)

Contributor SQL Injection in Gallery <= 4.7.8 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS