Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Contributor account required so PR:L; network, low-complexity, no interaction; SQLi reads database (C:H) with limited write potential (I:L) and no availability impact.
Primary rating from Vendor (patchstack).
CVSS VectorVendor: patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Contributor SQL Injection in Gallery <= 4.7.8 versions.
AnalysisAI
SQL injection in the WordPress 'Gallery' plugin (gallery-plugin) through version 4.7.8 lets authenticated low-privilege users (Contributor role and above) inject crafted SQL via plugin-handled parameters, exposing the WordPress database. Tracked as CVE-2026-57642 (CWE-89) and reported by Patchstack, the flaw carries a CVSS 3.1 base score of 8.5; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated WordPress account at the Contributor role or higher (CVSS PR:L), so the attacker must be able to register or be granted contributor access - sites with open registration or many guest authors are realistically exposed, while single-admin sites are not. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L, 8.5) indicates a network-reachable, low-complexity attack requiring low privileges and no user interaction, with high confidentiality impact and a scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers or obtains a Contributor account on a WordPress site running Gallery <= 4.7.8, then submits a crafted request to a vulnerable gallery parameter that breaks out of the intended SQL query. The injected query reads sensitive database contents such as password hashes, secret keys, or other users' data, all without any interaction from an administrator. … |
| Remediation | Upgrade the Gallery plugin to a release later than 4.7.8 as soon as the vendor publishes a fixed version; the input data does not contain an exact patched version number, so confirm the fixed release directly via the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/gallery-plugin/vulnerability/wordpress-gallery-plugin-4-7-8-sql-injection-vulnerability?_s_id=cve) - patch status is best described as no specific vendor-released fix version identified in the available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all contributors and subscriber accounts; disable self-registration if not operationally required. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39757
GHSA-pj5w-v4fq-q95p