CVE-2023-0765
Published Apr 17, 2023
Last updated a year ago
Overview
- Description
- The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to a Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.
- Source
- contact@wpscan.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:bestwebsoft:gallery:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F42F3989-E1D7-49DD-A24E-AECC5D4495CC",
            "versionEndExcluding": "4.7.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]