Vulnerabilities > Bestwebsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-20 | CVE-2021-25121 | Integer Underflow (Wrap or Wraparound) vulnerability in Bestwebsoft Rating The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating | 4.0 |
| 2022-06-16 | CVE-2017-20055 | Cross-site Scripting vulnerability in Bestwebsoft Contact Form 4.0.0 A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. | 3.5 |
| 2022-03-14 | CVE-2021-24966 | External Control of File Name or Path vulnerability in Bestwebsoft Error LOG Viewer The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder | 4.0 |
| 2022-02-01 | CVE-2021-24761 | Cross-Site Request Forgery (CSRF) vulnerability in Bestwebsoft Error LOG Viewer The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. | 4.3 |
| 2021-06-14 | CVE-2021-24350 | Cross-site Scripting vulnerability in Bestwebsoft Visitors Online 0.1/0.2/0.3 The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. | 4.3 |
| 2020-02-06 | CVE-2020-8658 | Cross-Site Request Forgery (CSRF) vulnerability in Bestwebsoft Htaccess The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. | 6.8 |
| 2019-09-20 | CVE-2015-9385 | Cross-site Scripting vulnerability in Bestwebsoft Quotes and Tips The quotes-and-tips plugin before 1.20 for WordPress has XSS. | 4.3 |
| 2019-09-20 | CVE-2015-9384 | Cross-site Scripting vulnerability in Bestwebsoft Relevant The relevant plugin before 1.0.8 for WordPress has XSS. | 4.3 |
| 2019-08-27 | CVE-2017-18590 | Cross-site Scripting vulnerability in Bestwebsoft Timesheet The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. | 4.3 |
| 2019-08-22 | CVE-2015-9335 | SQL Injection vulnerability in Bestwebsoft Limit Attempts The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. | 7.5 |