Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Pixelating image slideshow gallery pixelating-image-slideshow-gallery allows SQL Injection. This issue affects Pixelating image slideshow gallery: from n/a through <= 8.0.
Published: 2025-07-04
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Pixelating image slideshow gallery plugin contains an SQL Injection flaw, classified as CWE-89, caused by improper neutralization of special characters in user-supplied data before that data reaches an SQL query. An attacker who can supply crafted input can cause the plugin to execute unintended SQL commands, potentially retrieving, modifying, or deleting database contents, which could lead to data exfiltration or unauthorized data manipulation.

Affected Systems

All installations of gopiplus Pixelating image slideshow gallery on WordPress that are version 8.0 or earlier are affected. The vulnerability exists in every release up to and including 8.0; newer releases may have addressed the issue.

Risk and Exploitability

The CVSS 3.1 base score of 8.5 (vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L) indicates high severity. The EPSS score of less than 1% suggests a low current exploitation probability, and the issue is not listed in CISA KEV. The attack likely requires the ability to submit data to the plugin's input points, which may be accessible to authenticated editors or visitors depending on the WordPress configuration. Without a patch or WAF, an attacker could exploit this flaw by sending malformed requests to the plugin's endpoints.

Generated by OpenCVE AI on May 1, 2026 at 07:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Pixelating image slideshow gallery plugin to the latest version that addresses the SQL Injection vulnerability.
  • If no newer version is available, temporarily disable the plugin until a patch is released.
  • Restrict access to the plugin’s settings and administration screens to users with administrator privileges only.
  • Implement a web application firewall rule that blocks common SQL Injection patterns targeting WordPress plugins.
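The recommended actions above are operational; as an added illustration that is not code from the Pixelating image slideshow gallery plugin or from OpenCVE, the following hypothetical WordPress handler shows the CWE-89 pattern named in this advisory beside its hardened form. The hardened version gates the request behind a capability check and a nonce, coerces the identifier with absint(), and binds it through $wpdb->prepare(). The function names (pisg_example_*), the request parameter gallery_id, the nonce action and the table name are assumptions made for the example.

```php
<?php
// Added illustration, not code from the Pixelating image slideshow gallery plugin.
// Assumed names: pisg_example_* functions, request parameter 'gallery_id',
// nonce action 'pisg_example_lookup', and a hypothetical table {$wpdb->prefix}pisg_gallery.

// Vulnerable pattern (CWE-89): raw request data interpolated into the SQL string,
// so the request controls the structure of the query, not just a value in it.
function pisg_example_vulnerable_lookup() {
    global $wpdb;
    $id  = $_GET['gallery_id']; // untrusted and unvalidated
    $sql = "SELECT * FROM {$wpdb->prefix}pisg_gallery WHERE id = $id";
    return $wpdb->get_results( $sql );
}

// Hardened pattern: authorization, CSRF protection, type coercion, parameterized query.
function pisg_example_hardened_lookup() {
    global $wpdb;

    // 1. Only administrators may reach this handler (matches the recommended
    //    action of restricting plugin screens to administrator privileges).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }

    // 2. Reject requests that do not carry a valid nonce for this action.
    check_admin_referer( 'pisg_example_lookup' );

    // 3. Coerce the identifier to a non-negative integer before it goes near SQL.
    $id = isset( $_GET['gallery_id'] ) ? absint( wp_unslash( $_GET['gallery_id'] ) ) : 0;
    if ( 0 === $id ) {
        return array(); // nothing to look up
    }

    // 4. Bind the value with $wpdb->prepare(); the %d placeholder guarantees an
    //    integer literal, so no request content can alter the query structure.
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}pisg_gallery WHERE id = %d",
        $id
    );
    return $wpdb->get_results( $sql );
}
```

For string-valued parameters the same approach uses the %s placeholder, which $wpdb->prepare() quotes and escapes; the point of the hardened form is that request data only ever enters the query as a bound value, never as SQL text.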


Advisories
Source: EUVD
ID: EUVD-2025-19938
Title: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Pixelating image slideshow gallery allows SQL Injection. This issue affects Pixelating image slideshow gallery: from n/a through 8.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics (cvssV3_1)
Values removed: none
Values added: {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Pixelating image slideshow gallery allows SQL Injection. This issue affects Pixelating image slideshow gallery: from n/a through 8.0.
Values added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Pixelating image slideshow gallery pixelating-image-slideshow-gallery allows SQL Injection.This issue affects Pixelating image slideshow gallery: from n/a through <= 8.0.

Type: References
Values removed: none listed
Values added: none listed

Type: Metrics (cvssV3_1)
Values removed: none
Values added: {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


Tue, 08 Jul 2025 14:15:00 +0000

Type: Metrics (ssvc)
Values removed: none
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 04 Jul 2025 09:00:00 +0000

Type: Description
Values added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus Pixelating image slideshow gallery allows SQL Injection. This issue affects Pixelating image slideshow gallery: from n/a through 8.0.

Type: Title
Values added: WordPress Pixelating image slideshow gallery plugin <= 8.0 - SQL Injection Vulnerability

Type: Weaknesses
Values added: CWE-89

Type: References
Values added: none listed

Type: Metrics (cvssV3_1)
Values added: {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:02.977Z

Reserved: 2025-03-26T09:22:34.906Z

Link: CVE-2025-30979

Vulnrichment

Updated: 2025-07-08T14:04:19.508Z

NVD

Status: Deferred

Published: 2025-07-04T09:15:34.877

Modified: 2026-04-23T15:27:26.747

Link: CVE-2025-30979

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T07:15:11Z

Weaknesses
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')