Unrated severityNVD Advisory· Published Apr 17, 2023· Updated Mar 5, 2025
Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection
CVE-2023-0765
Description
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Gallery by BestWebSoftdescription
- Range: <=4.6.9
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.