SQL Injection Vulnerability in Up Down Image Slideshow Gallery for WordPress
CVE-2023-5435
8.8HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 31 October 2023
What is CVE-2023-5435?
The Up Down Image Slideshow Gallery plugin for WordPress has an SQL Injection vulnerability, affecting versions up to 12.0. This flaw arises from insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries. Authenticated attackers with subscriber-level and higher permissions can exploit this vulnerability by injecting additional SQL commands into the existing queries, enabling them to retrieve sensitive data from the database.
Affected Version(s)
Up down image slideshow gallery * <= 12.0