CVE-2017-20247: SQL Injection in PICA Photo Gallery 1.0
WordPress sites running the PICA Photo Gallery plugin version 1.0 are vulnerable to SQL injection attacks. An attacker can manipulate the 'aid' parameter in GET requests to execute unauthorized database queries without needing to log in. This allows extraction of sensitive data such as WordPress user credentials and other database contents, posing a direct threat to site integrity and user privacy.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Weaknesses (CWE)
- CWE-89
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-09 / 2026-06-17
NVD description (verbatim)
WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract sensitive database information including user credentials and table contents.
3 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2017-20247 is a classic SQL injection vulnerability (CWE-89) in PICA Photo Gallery 1.0. The plugin fails to sanitize or parameterize the 'aid' parameter, allowing unauthenticated attackers to inject arbitrary SQL syntax through the query string. The vulnerability permits both data exfiltration and potential database manipulation. With a CVSS 3.1 score of 8.2 (HIGH), the attack requires no authentication or user interaction and can be conducted over the network, though the impact on database integrity is limited compared to confidentiality exposure.
Business impact
Exploitation of this vulnerability could result in unauthorized access to WordPress user accounts, including administrative credentials, which enables account takeover and complete site compromise. Attackers may also extract customer data, post content, or private information stored in the database. In regulated industries, such breaches trigger notification requirements and reputational damage. The ease of exploitation—simple HTTP GET requests—means this vulnerability is particularly dangerous if left unpatched across multiple installations.
Affected systems
PICA Photo Gallery plugin version 1.0 for WordPress is the confirmed vulnerable version. Organizations using this plugin should assume all 1.0 installations are affected. Verify your deployment by checking the plugin version in the WordPress admin panel under Plugins. No evidence of patched versions has been provided; verify the latest available version against the official plugin repository or vendor advisory to confirm remediation.
Exploitability
This vulnerability is highly exploitable. An attacker needs only network access and the ability to craft a malicious URL containing SQL injection payloads in the 'aid' parameter. No authentication, credentials, or user interaction is required. Attack complexity is low, and the attack surface is large for any WordPress site publicly running the vulnerable plugin. Automated scanning tools and publicly available SQL injection techniques can be readily adapted for this vulnerability.
Remediation
Immediately deactivate and remove PICA Photo Gallery 1.0 from all affected WordPress installations. Check the plugin's official repository or vendor documentation for an available security patch or updated version. If a patched version exists, update to it after testing in a staging environment. As an interim measure before patching is available, use WordPress security plugins or Web Application Firewall (WAF) rules to block suspicious 'aid' parameter values containing SQL keywords or syntax characters.
Patch guidance
Verify the latest version of PICA Photo Gallery against the official WordPress plugin repository or the vendor's advisory. Upgrade to any version released after this vulnerability disclosure if available. Test the update in a non-production environment first to ensure compatibility with your WordPress version and other active plugins. After patching, scan your database for unauthorized data access or modification using WordPress security plugins or your hosting provider's audit logs.
Detection guidance
Monitor WordPress access logs for GET requests containing the 'aid' parameter with unusual characters such as quotes, semicolons, SQL keywords (SELECT, UNION, WHERE), or percent-encoded equivalents. Deploy a Web Application Firewall configured to detect SQL injection patterns. Use WordPress security plugins with intrusion detection to alert on parameter tampering. Check database audit logs for unexpected queries or access patterns. Review user account creation logs for unauthorized administrative accounts created during the vulnerable period.
Why prioritize this
This vulnerability merits immediate attention due to its HIGH CVSS score (8.2), lack of authentication requirements, and the critical nature of exposed assets—user credentials and database contents. WordPress sites are pervasive targets, and SQL injection is a well-understood attack vector. The plugin's direct exposure to unauthenticated requests means every publicly accessible WordPress installation running version 1.0 is at risk from basic, automatable attacks.
Risk score, explained
The CVSS 3.1 score of 8.2 reflects the vulnerability's high confidentiality impact (users' credentials and database data are accessible), low integrity impact (SQL injection can modify data, but the vector suggests limited impact here), and no availability impact. The attack vector is network-based with no privilege requirement or user interaction, placing it in the HIGH severity bracket. The score does not account for exploit prevalence or threat actor interest; real-world exploitation likelihood may be elevated given the plugin's public nature and the simplicity of SQL injection attacks.
Frequently asked questions
How do I check if my WordPress site is running PICA Photo Gallery 1.0?
Log in to your WordPress admin dashboard, navigate to Plugins, and search for 'PICA Photo Gallery.' If it is installed, the version number is displayed next to the plugin name. If you see version 1.0 listed, your site is affected. You can also check the wp-content/plugins/ directory on your server for a folder named pica-photo-gallery or similar, then examine its readme.txt or the main plugin file for version information.
Can an attacker gain control of my WordPress site with this vulnerability alone?
This vulnerability allows attackers to read and potentially modify database contents, including user credentials. If they extract an administrator account's password hash or reset credentials via database manipulation, they can take over the site. However, the vulnerability itself does not provide direct code execution; additional steps would be required to escalate to full site control. Immediate patching eliminates this attack vector.
Is PICA Photo Gallery still maintained, and where should I look for a security patch?
Verify the plugin's current status on the WordPress plugin repository (wordpress.org/plugins/) or contact the vendor directly. Search for any available updates or security notices. If no patch is available and the plugin is no longer maintained, consider replacing it with an actively supported alternative photo gallery solution to avoid future vulnerabilities.
What should I do if I suspect my site was compromised via this vulnerability?
Immediately change all WordPress user passwords, especially administrator accounts. Review database audit logs and user account creation dates for unauthorized additions. Scan your site with a reputable WordPress security plugin to detect malware or backdoors. Check database tables for unexpected data modifications. Consider a professional security audit if sensitive user data was exposed. Finally, if customer data was compromised, review your compliance obligations regarding breach notification.
This analysis is provided for informational purposes and reflects publicly available information as of the publication date. Verify all technical details, patch versions, and remediation guidance against official vendor advisories and your own systems before taking action. SEC.co makes no warranty regarding the accuracy, completeness, or suitability of this information for any specific situation. Organizations must conduct their own risk assessment and testing before deploying patches or security controls. Unauthorized access to computer systems is illegal; this information is intended for defensive and authorized security purposes only. Source: NVD (public-domain), retrieved 2026-07-15. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2016-20062HIGHSQL Injection in Simply Poll 1.4.1 WordPress Plugin - Unauthenticated Data Theft
- CVE-2016-20063HIGHSQL Injection in Single Personal Message 1.0.3 – Credential & Data Theft Risk
- CVE-2016-20065HIGHUnauthenticated SQL Injection in Product Catalog 8 WordPress Plugin
- CVE-2017-20243HIGHWordPress Car Park Booking Plugin SQL Injection Vulnerability
- CVE-2017-20244HIGHSQL Injection in Wow Forms WordPress Plugin v2.1 – Critical Unauth Database Extraction
- CVE-2017-20245HIGHWow Viral Signups Plugin SQL Injection Vulnerability – Analysis & Patches
- CVE-2017-20246HIGHKittyCatfish 2.2 SQL Injection Vulnerability – WordPress Plugin Security Alert
- CVE-2017-20249HIGHApptha Slider Gallery SQL Injection Vulnerability