Vulnerabilities > Bestwebsoft
|2023-05-02||CVE-2014-125100|| Cross-site Scripting vulnerability in Bestwebsoft JOB Board 1.0.0 |
A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress.
| 6.1 |
|2023-04-17||CVE-2023-0764|| Cross-site Scripting vulnerability in Bestwebsoft Gallery |
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability.
| 5.4 |
|2023-04-17||CVE-2023-0765|| SQL Injection vulnerability in Bestwebsoft Gallery |
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability.
low complexitybestwebsoft CWE-89
| 8.8 |
|2023-04-16||CVE-2022-44734|| Cross-site Scripting vulnerability in Bestwebsoft CAR Rental |
| 4.8 |
|2022-11-01||CVE-2022-3791|| Cross-site Scripting vulnerability in Bestwebsoft PDF & Print |
A vulnerability was found in PDF & Print Plugin.
| 4.8 |
|2022-10-25||CVE-2022-3393|| Improper Neutralization of Formula Elements in a CSV File vulnerability in Bestwebsoft Post to CSV |
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection
low complexitybestwebsoft CWE-1236
| 9.8 |
|2022-06-20||CVE-2021-25121|| Integer Underflow (Wrap or Wraparound) vulnerability in Bestwebsoft Rating |
The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating
low complexitybestwebsoft CWE-191
| 6.5 |
|2022-06-16||CVE-2017-20055|| Cross-site Scripting vulnerability in Bestwebsoft Contact Form 4.0.0 |
A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0.
| 3.5 |
|2022-03-14||CVE-2021-24966|| External Control of File Name or Path vulnerability in Bestwebsoft Error LOG Viewer |
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
low complexitybestwebsoft CWE-73
| 4.0 |
|2022-02-01||CVE-2021-24761|| Path Traversal vulnerability in Bestwebsoft Error LOG Viewer |
The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
low complexitybestwebsoft CWE-22
| 6.5 |