CVE-2014-8375

gb_gallery_slideshow 1.5 - Authenticated SQL Injection via selected_group Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8375. PoCs published by Claudio Viviani.

AI-analyzed exploit summary: This exploit demonstrates an SQL injection vulnerability in the GB Gallery Slideshow WordPress plugin. The vulnerability allows an attacker to inject malicious SQL queries via the 'selected_group' parameter in a POST request to admin-ajax.php.

Description

SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Claudio Viviani · text · webapps · php
https://www.exploit-db.com/exploits/39282

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: GB Gallery Slideshow WordPress plugin 1.5
Auth required
Prerequisites: WordPress installation with GB Gallery Slideshow plugin 1.5 · Valid WordPress admin session cookie
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS: 0.0323
EPSS Percentile: 86.6%

Details

CWE: CWE-89
Status: published
Products (1): gb-plugins/gb_gallery_slideshow 1.5
Published: Oct 21, 2014
Tracked Since: Feb 18, 2026