CVE-2023-0765: Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection
First published: Mon Apr 17 2023(Updated: )
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bestwebsoft Gallery Wordpress | <4.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2023-0765.
What is the severity of CVE-2023-0765?
The severity of CVE-2023-0765 is high with a CVSS score of 8.8.
What is the affected software of CVE-2023-0765?
The affected software of CVE-2023-0765 is the Gallery by BestWebSoft WordPress plugin before version 4.7.0.
How does CVE-2023-0765 affect the vulnerability?
CVE-2023-0765 allows for Blind SQL Injection due to improper escaping of values used in SQL queries in the Gallery by BestWebSoft WordPress plugin before version 4.7.0.
How can I fix CVE-2023-0765?
To fix CVE-2023-0765, you should update the Gallery by BestWebSoft WordPress plugin to version 4.7.0 or higher.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/bestwebsoft
- canonical/bestwebsoft gallery wordpress