SQL Injection in Left Right Image Slideshow Gallery Plugin for WordPress
CVE-2023-5431
8.8HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 31 October 2023
What is CVE-2023-5431?
The Left Right Image Slideshow Gallery plugin for WordPress is susceptible to SQL Injection through its shortcode. This vulnerability arises from inadequate escaping of user-supplied parameters and insufficient preparation of SQL queries. Authenticated attackers with subscriber-level or higher permissions can exploit this flaw to inject additional SQL statements into existing queries, potentially disclosing sensitive database information.
Affected Version(s)
Left right image slideshow gallery * <= 12.0