CVE-2026-57642
BestWebSoft · Gallery
A SQL injection vulnerability in the BestWebSoft Gallery plugin allows authenticated contributors to execute arbitrary database queries.
Executive summary
The BestWebSoft Gallery plugin is susceptible to a high-severity SQL injection vulnerability that permits authenticated contributors to manipulate database operations, risking total data exposure.
Vulnerability
The vulnerability exists because the Gallery plugin does not sufficiently sanitize user-supplied input before using it in a database query. An authenticated user with Contributor privileges can inject SQL into that query, and the injected statements run with the permissions of the database user the plugin connects with.
Business impact
With a CVSS score of 8.5, this vulnerability presents a critical risk to the organization's data assets. Successful exploitation could lead to unauthorized access to the database, resulting in the theft of sensitive information or the alteration of site content, which may cause significant operational and reputational harm.
Remediation
Immediate Action: Apply the vendor-provided patch as soon as it is released to close the vulnerable code path.
Proactive Monitoring: Monitor database query performance and database and web server logs for suspicious SQL syntax in request parameters and for unauthorized access attempts originating from standard (non-administrative) user accounts.
Compensating Controls: Utilize a Web Application Firewall (WAF) to filter and block malicious SQL injection patterns before they reach the application backend.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this issue necessitates immediate attention. It is recommended that administrators verify the plugin version and apply updates as a priority. If patching is delayed, temporarily disabling the plugin or restricting its usage to administrative roles is advised to mitigate exposure.