SQL injection vulnerability in LeoTheme's Ap Page Builder

Posted date 18/07/2023
4 - High
Affected Resources

LeoTheme Ap Page Builder, versions prior to


INCIBE has coordinated the publication of a vulnerability affecting LeoTheme Ap Page Builder, which was discovered by David Manuel Herrera Rodríguez, from the Telefónica Tech team.

This vulnerability has been assigned the following code: CVE-2023-3743.


  • CVSS v3.1 base score: 7.5.
  • CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
  • Vulnerability type: CWE-89: improper neutralization of special elements used in an SQL command (SQL injection).

Update Ap Page Builder to the latest available version.


CVE-2023-3743: this vulnerability could allow a remote user to send a specially crafted SQL query to the product_one_img parameter and retrieve the information stored in the database.