3 matches found
CVE-2023-0765
The CVE CVE-2023-0765 affects Gallery by BestWebSoft for WordPress, specifically versions before 4.7.0. Root cause: inadequate escaping in SQL queries enables a Blind SQL Injection when an attacker with at least Author privileges interacts with the Gallery while the Slider by BestWebSoft plugin i...
CVE-2023-0765 Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must...
WordPress Gallery Plugin < 4.7.0 is vulnerable to SQL Injection
Software Gallery Type Plugin Vulnerable versions 4.7.0 Fixed in 4.7.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0765 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 85ca584ad7e5 Credits dc11 Required privilege Author Published 12 April, 2023...