Filtered by vendor Bestwebsoft
Total: 72 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-3393 | 1 Bestwebsoft | 1 Post To Csv | 2024-08-03 | 9.8 Critical |
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection | ||||
CVE-2023-36508 | 1 Bestwebsoft | 1 Contact Form To Db | 2024-08-02 | 9.8 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection. This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1. | ||||
CVE-2023-29096 | 1 Bestwebsoft | 1 Contact Form To Db | 2024-08-02 | 8.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress. This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0. | ||||
CVE-2023-28778 | 1 Bestwebsoft | 1 Pagination | 2024-08-02 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions. | ||||
CVE-2023-6250 | 1 Bestwebsoft | 1 Like & Share | 2024-08-02 | 7.5 High |
BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password-protected posts to unauthenticated users via a meta tag. | ||||
CVE-2023-4469 | 1 Bestwebsoft | 1 Profile Extra Fields | 2024-08-02 | 5.3 Medium |
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields. | ||||
CVE-2023-0820 | 1 Bestwebsoft | 1 User Role | 2024-08-02 | 8.8 High |
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. | ||||
CVE-2023-0764 | 1 Bestwebsoft | 1 Gallery | 2024-08-02 | 5.4 Medium |
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scripting vulnerability. The attacker must have at least the privileges of the Author role. | ||||
CVE-2023-0765 | 1 Bestwebsoft | 1 Gallery | 2024-08-02 | 8.8 High |
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to a Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable. | ||||
CVE-2024-35678 | 1 Bestwebsoft | 1 Contact Form To Db | 2024-08-02 | 8.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft. This issue affects Contact Form to DB by BestWebSoft: from n/a through 1.7.2. | ||||
CVE-2024-32674 | 1 Bestwebsoft | 1 Social Login | 2024-08-02 | 5.4 Medium |
Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. | ||||
CVE-2024-3112 | 1 Bestwebsoft | 1 Quotes And Tips | 2024-08-01 | 4.8 Medium |
The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate uploaded image files, allowing high-privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in a multisite setup). | ||||