VYPR

Gallery by BestWebSoft

by WordPress

CVEs (3)

  • CVE-2023-0765HigApr 17, 2023
    risk 0.57cvss 8.8epss 0.01

    The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin…

  • CVE-2024-13906HigMar 7, 2025
    risk 0.40cvss 7.2epss 0.01

    The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function. This makes…

  • CVE-2023-0764MedApr 17, 2023
    risk 0.35cvss 5.4epss 0.00

    The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role.