VYPR
Unrated severityNVD Advisory· Published Apr 17, 2023· Updated Mar 5, 2025

Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection

CVE-2023-0765

Description

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.