CVE-2015-9446

The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php.
Source: NIST
CVE-2015-9446