CVE-2023-0765

Name of the Vulnerable Software and Affected Versions The Gallery by BestWebSoft WordPress plugin versions prior to 4.7.0

Description The issue is related to a Blind SQL Injection vulnerability due to improper escaping of values used in SQL queries. An attacker must have at least the privileges of an Author, and the vendor's Slider plugin must also be installed for this issue to be exploitable.

Recommendations For versions prior to 4.7.0, update to version 4.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for users with Author privileges or lower until the update is applied. Additionally, ensure the Slider plugin is not installed or is updated to a version that does not exploit this vulnerability.