Skip to main content

Nabz Image Gallery CVE-2024-55981

CRITICAL
SQL Injection (CWE-89)
2024-12-16 audit@patchstack.com
9.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

2
CVSS changed
Apr 23, 2026 - 15:42 NVD
9.3 (CRITICAL)
CVE Published
Dec 16, 2024 - 15:15 nvd
N/A

DescriptionCVE.org

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabajit Roy Nabz Image Gallery nabz-image-gallery allows SQL Injection.This issue affects Nabz Image Gallery: from n/a through <= v1.00.

AnalysisAI

SQL injection in Nabajit Roy's Nabz Image Gallery WordPress plugin (versions up to and including v1.00) allows remote unauthenticated attackers to inject arbitrary SQL into backend database queries. The flaw carries a critical CVSS 9.3 score with a scope-changed impact and an elevated EPSS exploitation probability of 20.15% (95th percentile), indicating notable likelihood of exploitation attempts, though no public exploit identified at time of analysis and not listed in CISA KEV.

Technical ContextAI

The vulnerability falls under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), the canonical SQL injection weakness class, in which untrusted input is concatenated into SQL statements without proper parameterization or escaping. The affected component is the Nabz Image Gallery WordPress plugin maintained by Nabajit Roy, which adds image gallery functionality to WordPress sites and interacts with the WordPress MySQL/MariaDB database via wpdb. Because the issue lies in user-supplied input being passed to a SQL query handler in the plugin, an attacker can manipulate query logic to read or alter database contents within the constraints of the database user's privileges (typically the WordPress DB account, which has broad read/write access to the WordPress schema).

Affected ProductsAI

The affected product is the Nabz Image Gallery WordPress plugin by Nabajit Roy (vendor identifier 'nabz-image-gallery'), with all versions from initial release through and including v1.00 affected per the Patchstack advisory. No CPE was provided in the input data, and the upper bound 'n/a through <= v1.00' indicates no fixed version had been published at the time the advisory was issued. The reporting and authoritative source is Patchstack (audit@patchstack.com), whose advisory database is the canonical reference for this issue.

RemediationAI

No vendor-released patch identified at time of analysis - the advisory range is open-ended through v1.00 with no fixed version cited. Administrators should immediately deactivate and remove the Nabz Image Gallery plugin from any WordPress installation until the maintainer ships a fixed release, monitor the Patchstack advisory page and the plugin's WordPress.org listing for an update, and check the Patchstack database (https://patchstack.com/database/) for a vulnerability-specific entry with mitigation guidance. As compensating controls while the plugin remains installed, deploy a WordPress-aware WAF rule (e.g., Patchstack vPatch, Wordfence, or generic ModSecurity OWASP CRS SQLi rules) to filter SQL metacharacters on requests targeting the plugin's endpoints, restrict access to the plugin's PHP files via .htaccess or nginx location blocks to known administrator IPs, and audit recent web/database logs for UNION, SLEEP, or BENCHMARK patterns indicating prior exploitation attempts - note that WAF filtering can produce false positives on legitimate gallery queries containing apostrophes in image titles or captions, and IP allow-listing will break public-facing gallery functionality.

Share

CVE-2024-55981 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy