The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to a blind SQL injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25 | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-04-17T12:17:39.159Z
Updated: 2023-04-17T12:17:39.159Z
Reserved: 2023-02-09T16:53:54.532Z
Link: CVE-2023-0765
NVD Information
Status: Modified
Published: 2023-04-17T13:15:37.953
Modified: 2023-11-07T04:01:25.343
Link: CVE-2023-0765
Redhat Information
No data.
CWE
No CWE.