CVE-2023-0765

Published: Apr 17, 2023

Modified: Mar 5, 2025

PUBLISHED

Description

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to a Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.

Vendor: Unknown

Product: Gallery by BestWebSoft

Versions: affected, 0 - < 4.7.0

References
