Vulnerabilities > Bestwebsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-08 | CVE-2024-13908 | Unrestricted Upload of File with Dangerous Type vulnerability in Bestwebsoft Smtp The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 1.1.9. | 7.2 |
| 2024-07-12 | CVE-2024-3112 | Unrestricted Upload of File with Dangerous Type vulnerability in Bestwebsoft Quotes and Tips The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | 4.8 |
| 2024-06-08 | CVE-2024-35678 | Unspecified vulnerability in Bestwebsoft Contact Form to DB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft.This issue affects Contact Form to DB by BestWebSoft: from n/a through 1.7.2. | 8.8 |
| 2024-03-18 | CVE-2023-6821 | Missing Authorization vulnerability in Bestwebsoft Error LOG Viewer The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization | 6.5 |
| 2023-12-26 | CVE-2023-6250 | Cleartext Storage of Sensitive Information vulnerability in Bestwebsoft Like & Share The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag | 7.5 |
| 2023-12-26 | CVE-2015-10127 | Unspecified vulnerability in Bestwebsoft Pluscaptcha A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. | 6.1 |
| 2023-12-26 | CVE-2014-125109 | Cross-site Scripting vulnerability in Bestwebsoft Portfolio A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. | 6.1 |
| 2023-12-26 | CVE-2012-10017 | Unspecified vulnerability in Bestwebsoft Portfolio A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. | 8.8 |
| 2023-12-20 | CVE-2023-29096 | Unspecified vulnerability in Bestwebsoft Contact Form to DB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0. | 8.8 |
| 2023-11-07 | CVE-2023-36527 | Unspecified vulnerability in Bestwebsoft Post to CSV Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0. | 8.8 |