Home > Vulnerability Database > CVE-2023-0765

Mend.io Vulnerability Database

CVE-2023-0765

Date: April 17, 2023

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.

Language: PHP

Severity Score

8.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-0765

Url: https://wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25

Url: https://www.mend.io/vulnerability-database/CVE-2023-0765

Severity Score

8.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-0765

Date: April 17, 2023

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?