CVE-2023-0765
HIGH 8.8
Description
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to a blind SQL injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.
CVE details
CVSS v3.1 score: 8.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 4/17/2023
Last modified: 3/5/2025
Source: nvd
Honeypot sightings: 0
Affected products
bestwebsoft:gallery
Weaknesses (CWE)
CWE-89
References
https://wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25 (contact@wpscan.com)
https://wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.