CVE-2016-10940

The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.
Source: NIST
CVE-2016-10940