
CVE-2023-0765 Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection

2023-04-17 12:17:39
WPScan
www.cve.org
cve-2023-0765; gallery by bestwebsoft; sql injection; wordpress plugin; blind sql injection; author privileges; slider plugin.

EPSS: 0.001 (Low), percentile 28.6%

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to a blind SQL injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor’s Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Gallery by BestWebSoft",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.7.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
