Filtered by vendor Bestwebsoft
Subscriptions
Total
72 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35678 | 1 Bestwebsoft | 1 Contact Form To Db | 2024-11-26 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.This issue affects Contact Form to DB by BestWebSoft: from n/a through 1.7.2. | ||||
| CVE-2012-10017 | 1 Bestwebsoft | 1 Portfolio | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955. | ||||
| CVE-2015-10127 | 1 Bestwebsoft | 1 Pluscaptcha | 2024-11-21 | 3.5 Low |
| A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-3112 | 1 Bestwebsoft | 1 Quotes And Tips | 2024-11-21 | 4.8 Medium |
| The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | ||||
| CVE-2024-32674 | 1 Bestwebsoft | 1 Social Login | 2024-11-21 | 5.4 Medium |
| Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. | ||||
| CVE-2023-6250 | 1 Bestwebsoft | 1 Like \& Share | 2024-11-21 | 7.5 High |
| The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag | ||||
| CVE-2023-4469 | 1 Bestwebsoft | 1 Profile Extra Fields | 2024-11-21 | 5.3 Medium |
| The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields. | ||||
| CVE-2023-36527 | 1 Bestwebsoft | 1 Post To Csv | 2024-11-21 | 8.8 High |
| Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0. | ||||
| CVE-2023-36508 | 1 Bestwebsoft | 1 Contact Form To Db | 2024-11-21 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1. | ||||
| CVE-2023-29096 | 1 Bestwebsoft | 1 Contact Form To Db | 2024-11-21 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0. | ||||
| CVE-2023-28778 | 1 Bestwebsoft | 1 Pagination | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions. | ||||
| CVE-2023-0820 | 1 Bestwebsoft | 1 User Role | 2024-11-21 | 8.8 High |
| The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. | ||||
| CVE-2023-0765 | 1 Bestwebsoft | 1 Gallery | 2024-11-21 | 8.8 High |
| The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable. | ||||
| CVE-2023-0764 | 1 Bestwebsoft | 1 Gallery | 2024-11-21 | 5.4 Medium |
| The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role. | ||||
| CVE-2022-44734 | 1 Bestwebsoft | 1 Car Rental | 2024-11-21 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Car Rental by BestWebSoft plugin <= 1.1.2 versions. | ||||
| CVE-2022-3393 | 1 Bestwebsoft | 1 Post To Csv | 2024-11-21 | 9.8 Critical |
| The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection | ||||
| CVE-2021-25121 | 1 Bestwebsoft | 1 Rating | 2024-11-21 | 6.5 Medium |
| The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating | ||||
| CVE-2021-24966 | 1 Bestwebsoft | 1 Error Log Viewer | 2024-11-21 | 4.9 Medium |
| The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder | ||||
| CVE-2021-24761 | 1 Bestwebsoft | 1 Error Log Viewer | 2024-11-21 | 6.5 Medium |
| The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. | ||||
| CVE-2021-24350 | 1 Bestwebsoft | 1 Visitors Online | 2024-11-21 | 6.1 Medium |
| The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel. | ||||