CVE-2023-0765

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.

Published: Apr 17, 2023
Updated: Apr 26, 2023
CVE: CVE-2023-0765
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
bestwebsoft / gallery	-	4.7.0

https://wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25

Vulnerability Database

289,697

CVE-2023-0765