Vulnerabilities > Bestwebsoft > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-26 | CVE-2023-6250 | Cleartext Storage of Sensitive Information vulnerability in Bestwebsoft Like & Share The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag | 7.5 |
| 2023-12-26 | CVE-2012-10017 | Cross-Site Request Forgery (CSRF) vulnerability in Bestwebsoft Portfolio A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. | 8.8 |
| 2023-12-20 | CVE-2023-29096 | SQL Injection vulnerability in Bestwebsoft Contact Form to DB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0. | 8.8 |
| 2023-11-07 | CVE-2023-36527 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Bestwebsoft Post to CSV Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0. | 8.8 |
| 2023-05-31 | CVE-2012-10015 | Cross-Site Request Forgery (CSRF) vulnerability in Bestwebsoft Twitter A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. | 8.8 |
| 2023-05-29 | CVE-2014-125102 | Unspecified vulnerability in Bestwebsoft Relevant A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. | 7.5 |
| 2023-04-17 | CVE-2023-0765 | Unspecified vulnerability in Bestwebsoft Gallery The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. | 8.8 |
| 2023-04-10 | CVE-2012-10012 | Cross-Site Request Forgery (CSRF) vulnerability in Bestwebsoft Facebook Button A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. | 8.8 |
| 2023-04-09 | CVE-2012-10010 | Cross-Site Request Forgery (CSRF) vulnerability in Bestwebsoft Contact Form 3.21 A vulnerability was found in BestWebSoft Contact Form 3.21. | 8.8 |
| 2023-04-03 | CVE-2023-0820 | Unspecified vulnerability in Bestwebsoft User Role The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. | 8.8 |