SQL Injection Vulnerability in Up Down Image Slideshow Gallery for WordPress
CVE-2023-5435

8.8HIGH

Key Information:

Vendor: WordPress
Status: Up Down Image Slideshow Gallery
Vendor: CVE Published:; 31 October 2023

What is CVE-2023-5435?

The Up Down Image Slideshow Gallery plugin for WordPress has an SQL Injection vulnerability, affecting versions up to 12.0. This flaw arises from insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries. Authenticated attackers with subscriber-level and higher permissions can exploit this vulnerability by injecting additional SQL commands into the existing queries, enabling them to retrieve sensitive data from the database.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Up down image slideshow gallery * <= 12.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/up-down-image-...

https://plugins.trac.wordpress.org/changeset/2985497/up-d...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2023
Vulnerability Reserved
Oct 5, 2023

Credit

Lana Codes

JSON

WordPress

What is CVE-2023-5435?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.