Skip to main content

Gallery Plugin EUVDEUVD-2026-39757

| CVE-2026-57642 HIGH
SQL Injection (CWE-89)
2026-06-26 audit@patchstack.com GHSA-pj5w-v4fq-q95p
8.5
CVSS 3.1 · Vendor: patchstack
Share

Severity by source

Vendor (patchstack) PRIMARY
8.5 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
vuln.today AI
7.1 HIGH

Contributor account required so PR:L; network, low-complexity, no interaction; SQLi reads database (C:H) with limited write potential (I:L) and no availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:N/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (patchstack).

CVSS VectorVendor: patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jun 26, 2026 - 15:49 vuln.today

DescriptionCVE.org

Contributor SQL Injection in Gallery <= 4.7.8 versions.

AnalysisAI

SQL injection in the WordPress 'Gallery' plugin (gallery-plugin) through version 4.7.8 lets authenticated low-privilege users (Contributor role and above) inject crafted SQL via plugin-handled parameters, exposing the WordPress database. Tracked as CVE-2026-57642 (CWE-89) and reported by Patchstack, the flaw carries a CVSS 3.1 base score of 8.5; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain Contributor account on target
Delivery
Access vulnerable gallery endpoint
Exploit
Submit crafted SQL injection parameter
Execution
Database executes manipulated query
Impact
Exfiltrate sensitive WordPress data

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated WordPress account at the Contributor role or higher (CVSS PR:L), so the attacker must be able to register or be granted contributor access - sites with open registration or many guest authors are realistically exposed, while single-admin sites are not. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L, 8.5) indicates a network-reachable, low-complexity attack requiring low privileges and no user interaction, with high confidentiality impact and a scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker registers or obtains a Contributor account on a WordPress site running Gallery <= 4.7.8, then submits a crafted request to a vulnerable gallery parameter that breaks out of the intended SQL query. The injected query reads sensitive database contents such as password hashes, secret keys, or other users' data, all without any interaction from an administrator. …
Remediation Upgrade the Gallery plugin to a release later than 4.7.8 as soon as the vendor publishes a fixed version; the input data does not contain an exact patched version number, so confirm the fixed release directly via the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/gallery-plugin/vulnerability/wordpress-gallery-plugin-4-7-8-sql-injection-vulnerability?_s_id=cve) - patch status is best described as no specific vendor-released fix version identified in the available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all contributors and subscriber accounts; disable self-registration if not operationally required. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39757 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy