Vulnerabilities > Bestwebsoft

DATE CVE VULNERABILITY TITLE RISK
2024-07-12 CVE-2024-3112 Unrestricted Upload of File with Dangerous Type vulnerability in Bestwebsoft Quotes and Tips
The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
network
low complexity
bestwebsoft CWE-434
4.8
2023-12-26 CVE-2023-6250 Cleartext Storage of Sensitive Information vulnerability in Bestwebsoft Like & Share
The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag
network
low complexity
bestwebsoft CWE-312
7.5
2023-12-26 CVE-2015-10127 Cross-site Scripting vulnerability in Bestwebsoft Pluscaptcha
A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic.
network
low complexity
bestwebsoft CWE-79
6.1
2023-12-26 CVE-2014-125109 Cross-site Scripting vulnerability in Bestwebsoft Portfolio
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27.
network
low complexity
bestwebsoft CWE-79
6.1
2023-12-26 CVE-2012-10017 Cross-Site Request Forgery (CSRF) vulnerability in Bestwebsoft Portfolio
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress.
network
low complexity
bestwebsoft CWE-352
8.8
2023-12-20 CVE-2023-29096 SQL Injection vulnerability in Bestwebsoft Contact Form to DB
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0.
network
low complexity
bestwebsoft CWE-89
8.8
2023-11-07 CVE-2023-36527 Improper Neutralization of Formula Elements in a CSV File vulnerability in Bestwebsoft Post to CSV
Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0.
network
low complexity
bestwebsoft CWE-1236
8.8
2023-10-31 CVE-2023-36508 SQL Injection vulnerability in Bestwebsoft Contact Form to DB
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1.
network
low complexity
bestwebsoft CWE-89
critical
9.8
2023-10-06 CVE-2023-4469 Unspecified vulnerability in Bestwebsoft Profile Extra Fields
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7.
network
low complexity
bestwebsoft
5.3
2023-06-22 CVE-2023-28778 Cross-site Scripting vulnerability in Bestwebsoft Pagination
Auth.
network
low complexity
bestwebsoft CWE-79
4.8