CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1
CVE-2017-1002028 – WordPress Gallery Transformation < 0.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-1002028
22 Jul 2017 — The WordPress plugin wordpress-gallery-transformation v1.0 is vulnerable to SQL injection in ./wordpress-gallery-transformation/gallery.php: the $jpic parameter is not sanitized before being passed into an SQL query. • http://www.vapidlabs.com/advisory.php?v=199 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')