CVE-2023-34626 (https://github.com/Piwigo/Piwigo/issues/1924): Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. Fixed in 13.8.0, but evidently not released yet.
With bug #918534, we only have >=14.0.0 now in tree