This vulnerability in gopiplus Pixelating image slideshow gallery (versions ≤ 8.0) allows SQL Injection due to improper neutralization of special elements in SQL commands. The CVSS 3.1 score is 8.5 (high), with an attack vector of network, low attack complexity, requiring low privileges and no user interaction. The impact scope is changed, with high confidentiality impact and low availability impact, but no integrity impact. No vendor advisory or patch information is currently available, and the product is not a cloud service.

Successful exploitation could allow an attacker to access sensitive data from the database (high confidentiality impact) and cause limited disruption to availability (low impact). Integrity of data is not impacted. The vulnerability requires the attacker to have low privileges but no user interaction is needed. No known exploits have been reported so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a patch or official fix is available, restrict access to the affected plugin and monitor for suspicious activity related to SQL injection attempts. Avoid exposing the vulnerable plugin to untrusted users where possible.