Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bestweblayout Slider by BestWebSoft slider-bws allows SQL Injection.This issue affects Slider by BestWebSoft: from n/a through <= 1.1.0.
Published: 2025-03-28
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Slider by BestWebSoft plugin contains an SQL Injection flaw due to insufficient sanitization of user‑supplied input. An attacker that can interact with vulnerable input can inject arbitrary SQL statements, which may read, modify, or delete database records. Depending on the underlying database and permissions of the WordPress installation, this can compromise website integrity and result in significant data loss or unauthorized data exposure.

Affected Systems

The vulnerability affects the Slider by BestWebSoft plugin from earlier minor releases through version 1.1.0 on any WordPress installation that includes the plugin. The affected vendor is bestweblayout. No stricter version granularity is provided beyond the ≤1.1.0 ceiling.

Risk and Exploitability

The CVSS score is 7.6, indicating high severity. The EPSS score is under 1 %, implying that exploitation is relatively rare at present. The issue has not been listed in CISA’s KEV catalog. Attackers may exploit by sending crafted requests to the plugin, possibly from any web client, making the attack vector likely remote. Although the low EPSS suggests a low probability of immediate exploitation, the high severity warrants swift remediation.

Generated by OpenCVE AI on May 1, 2026 at 03:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Slider by BestWebSoft plugin version 1.1.1 or newer, which removes the SQL injection vulnerability.
  • If an upgrade is not possible, temporarily deactivate or delete the Slider by BestWebSoft plugin until a patch is applied.
  • Apply a Web Application Firewall rule that blocks suspicious SQL patterns targeting the plugin’s input endpoints.
  • Verify that WordPress and the underlying database use proper user privileges; restrict the database user to only the permissions required for normal operation.

Generated by OpenCVE AI on May 1, 2026 at 03:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8574 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bestwebsoft Slider by BestWebSoft allows SQL Injection. This issue affects Slider by BestWebSoft: from n/a through 1.1.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bestwebsoft Slider by BestWebSoft allows SQL Injection. This issue affects Slider by BestWebSoft: from n/a through 1.1.0. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bestweblayout Slider by BestWebSoft slider-bws allows SQL Injection.This issue affects Slider by BestWebSoft: from n/a through <= 1.1.0.
Title WordPress Slider by BestWebSoft <= 1.1.0 - SQL Injection Vulnerability WordPress Slider by BestWebSoft plugin <= 1.1.0 - SQL Injection Vulnerability
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}

Fri, 28 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 28 Mar 2025 09:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bestwebsoft Slider by BestWebSoft allows SQL Injection. This issue affects Slider by BestWebSoft: from n/a through 1.1.0.
Title WordPress Slider by BestWebSoft <= 1.1.0 - SQL Injection Vulnerability
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:05.211Z

Reserved: 2025-03-26T09:26:19.815Z

Link: CVE-2025-31099

cve-icon Vulnrichment

Updated: 2025-03-28T14:25:21.951Z

cve-icon NVD

Status : Deferred

Published: 2025-03-28T10:15:18.193

Modified: 2026-04-23T15:27:42.327

Link: CVE-2025-31099

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T03:45:07Z

Weaknesses