2 matches found
CVE-2023-5435
Summary (CVE-2023-5435) The Up down image slideshow gallery WordPress plugin is vulnerable to SQL Injection via its shortcode in versions ≤12.0 due to insufficient escaping of user input and lack of proper query preparation. An authenticated attacker with subscriber-level or higher privileges can...
CVE-2023-5435 Up down image slideshow gallery <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode
The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...