The WP Easy Gallery plugin for WordPress is vulnerable to generic SQL Injection in versions up to 2.7. The flaw is in the ‘admin/add-images.php’ file, where attackers are able to append additional SQL queries to existing queries. This could potentially allow attackers to extract sensitive information from the database. The vulnerability occurs because of insufficient escaping of user-supplied parameters and insufficient preparation of the existing SQL queries.
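A defender-side check for this class of flaw, as an added example that is not code from the plugin or from the original advisory: a heuristic Python scan that flags $wpdb calls whose SQL argument contains a PHP variable without going through $wpdb->prepare(). The PHP sample, its table name and its gallery_id parameter are constructed for illustration.

```python
import re

# wpdb methods that send a SQL string to the database.
WPDB_CALL = re.compile(r"\$wpdb->(query|get_results|get_row|get_var|get_col)\s*\(")
# Any PHP variable other than $wpdb itself (so {$wpdb->prefix} is not flagged).
PHP_VAR = re.compile(r"\$(?!wpdb\b)[A-Za-z_]\w*")
# Variables assigned directly from $wpdb->prepare(...).
PREPARED = re.compile(r"\$(\w+)\s*=\s*\$wpdb->prepare\s*\(")

# Constructed sample; table and parameter names are hypothetical.
SAMPLE_PHP = r'''<?php
// Unprepared: request data is interpolated straight into the SQL string.
$gid = $_POST['gallery_id'];
$rows = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}example_images WHERE gid = $gid");
// Prepared: the value is bound through a %d placeholder.
$rows = $wpdb->get_results($wpdb->prepare(
    "SELECT * FROM {$wpdb->prefix}example_images WHERE gid = %d", $gid));
$sql = $wpdb->prepare("DELETE FROM {$wpdb->prefix}example_images WHERE id = %d", $gid);
$wpdb->query($sql);
'''

def call_argument(src, start):
    """Return the text of a call's argument list; start is just past its '('."""
    depth, i = 1, start
    while i < len(src) and depth:
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
        i += 1
    return src[start:i - 1]

def find_unprepared_queries(src):
    """Return (line, method) for each wpdb call fed SQL that was not prepared."""
    prepared_vars = set(PREPARED.findall(src))
    findings = []
    for m in WPDB_CALL.finditer(src):
        arg = call_argument(src, m.end()).strip()
        if "$wpdb->prepare" in arg:
            continue  # SQL is wrapped in prepare() at the call site
        if arg.startswith("$") and arg[1:] in prepared_vars:
            continue  # SQL comes from a variable built by prepare()
        if PHP_VAR.search(arg):
            line = src.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1)))
    return findings

if __name__ == "__main__":
    for line, method in find_unprepared_queries(SAMPLE_PHP):
        print(f"line {line}: $wpdb->{method}() receives SQL built from a variable")
```

Hits are leads for manual review, not confirmed injections, and a prepare() call that still interpolates a variable into its format string is not caught by this scan.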