What is CVE-2023-0765?

CVE-2023-0765 is a high-severity vulnerability in Bestwebsoft Gallery, classified under SQL Injection. CVSS score: 8.8/10. Published 2023-04-17.

How severe is CVE-2023-0765?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2023-0765 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Bestwebsoft Gallery

CVE-2023-0765

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Sl…

Vulnerability class: SQL Injection

EPSS: 0.009 (54.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Bestwebsoft Gallery
Unknown Gallery By Bestwebsoft — versions 0

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates

References

contact@wpscan.com (Exploit, technical-description, Third Party Advisory, exploit, vdb-entry)

Frequently asked questions

What is CVE-2023-0765?: CVE-2023-0765 is a high-severity vulnerability in Bestwebsoft Gallery, classified under SQL Injection. CVSS score: 8.8/10. Published 2023-04-17.
How severe is CVE-2023-0765?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2023-0765 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.