WordPress Plugin PICA Photo Gallery SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the WordPress Plugin PICA Photo Gallery version 1.0. It allows unauthenticated attackers to execute arbitrary SQL queries by injecting SQL into the aid parameter. Exploitation could lead to the extraction of sensitive database information, including user credentials and table contents.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could be used to manipulate the database or extract sensitive information such as user credentials.

Reproduction

To reproduce this vulnerability, send a GET request to a WordPress site that has the PICA Photo Gallery plugin active, with a crafted SQL payload in the aid parameter. The injected SQL will be executed by the database, allowing access to sensitive information such as user credentials and database table contents.
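A detection check for the request pattern described above, as an added example that is not code from the plugin or from this advisory: it scans web-server access logs for GET requests whose aid value is not a plain integer. That aid is meant to be a numeric ID, the request path, and the log lines themselves are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines (combined log format). The path, the page_id
# parameter and the client addresses are placeholders, not from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [09/Jun/2026:14:01:11 +0000] "GET /?page_id=12&aid=4 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.9 - - [09/Jun/2026:14:02:40 +0000] "GET /?page_id=12&aid=4%27 HTTP/1.1" 500 312 "-" "curl/8.0"
203.0.113.20 - - [09/Jun/2026:14:03:02 +0000] "GET /?page_id=12&aid=abc HTTP/1.1" 200 5123 "-" "curl/8.0"
203.0.113.20 - - [09/Jun/2026:14:03:05 +0000] "GET /?page_id=12&aid%5B%5D=4 HTTP/1.1" 200 5001 "-" "curl/8.0"
198.51.100.7 - - [09/Jun/2026:14:03:30 +0000] "GET /?page_id=12&aid= HTTP/1.1" 200 5001 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Jun/2026:14:04:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Client address, then the quoted request line of a combined-format entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
# Assumption: a legitimate aid is a short decimal ID and nothing else.
INT_RE = re.compile(r"[0-9]{1,10}")


def suspicious_aid_requests(log_text):
    """Return (client_ip, parameter, decoded_value) for every GET request
    whose aid parameter is not a plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        query = urlsplit(m["target"]).query
        # parse_qsl percent-decodes names and values and keeps repeated
        # parameters, so every occurrence of aid is checked.
        for key, value in parse_qsl(query, keep_blank_values=True):
            # PHP turns aid[]=... into an array, so treat that form as aid too.
            is_aid = key == "aid" or key.startswith("aid[")
            if is_aid and not (key == "aid" and INT_RE.fullmatch(value)):
                findings.append((m["ip"], key, value))
    return findings


if __name__ == "__main__":
    for ip, key, value in suspicious_aid_requests(SAMPLE_LOG):
        print(f"{ip}\t{key}={value!r}")
```

The same allowlist (digits only, bounded length) can be enforced at a reverse proxy or WAF in front of the site while the plugin remains installed.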

Added: Jun 9, 2026, 2:22 PM
Updated: Jun 9, 2026, 2:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.