The WP Easy Gallery plugin for WordPress is vulnerable to a type of cyber attack called SQL Injection. This vulnerability affects versions of the plugin up to and including 2.7. It could allow attackers who are logged in as an administrator to access sensitive information from the database by appending additional code to an existing query.