Report
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
Score: 8.3
Severity: High
Version: 1.6.2
There is a patch available in v1.6.3 and we strongly recommend you update to this version as soon as possible.
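
The unsafe pattern described in this report next to a hardened form, as an added example that is not the plugin's own code. It assumes `filter_tag` carries a comma-separated list of numeric tag IDs and that the code runs inside WordPress; the function names, table and column names are hypothetical.

```php
<?php
// Added illustration, not the Photo Gallery plugin's source.
// Hypothetical names: example_images_by_tag*(), table {prefix}example_image_tag,
// columns image_id and tag_id. Assumes WordPress is loaded ($wpdb, absint, wp_unslash).

// Unsafe pattern from the report: the raw POST value becomes part of the SQL text,
// so the database parses whatever the client sent as SQL.
function example_images_by_tag_unsafe() {
    global $wpdb;
    $filter_tag = $_POST['filter_tag']; // client-controlled and unescaped
    return $wpdb->get_col(
        "SELECT image_id FROM {$wpdb->prefix}example_image_tag WHERE tag_id IN ($filter_tag)"
    );
}

// Hardened form: validate the shape of the input, then bind values through prepare().
function example_images_by_tag() {
    global $wpdb;

    // Reject a missing parameter or an array submitted in place of a string.
    if ( ! isset( $_POST['filter_tag'] ) || ! is_string( $_POST['filter_tag'] ) ) {
        return array();
    }

    // Coerce every element to a non-negative integer and drop zeros,
    // so no SQL text from the request survives this step.
    $ids = array_map( 'absint', explode( ',', wp_unslash( $_POST['filter_tag'] ) ) );
    $ids = array_values( array_unique( array_filter( $ids ) ) );
    if ( empty( $ids ) ) {
        return array(); // also avoids emitting an invalid "IN ()" clause
    }

    // One %d placeholder per id; only placeholders are interpolated into the query string.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "SELECT image_id FROM {$wpdb->prefix}example_image_tag WHERE tag_id IN ($placeholders)",
        $ids
    );

    return $wpdb->get_col( $sql );
}
```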