Vulnerabilities > Bestwebsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-12 | CVE-2024-3112 | Unrestricted Upload of File with Dangerous Type vulnerability in Bestwebsoft Quotes and Tips The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | 4.8 |
| 2023-12-26 | CVE-2015-10127 | Cross-site Scripting vulnerability in Bestwebsoft Pluscaptcha A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. | 6.1 |
| 2023-12-26 | CVE-2014-125109 | Cross-site Scripting vulnerability in Bestwebsoft Portfolio A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. | 6.1 |
| 2023-10-06 | CVE-2023-4469 | Unspecified vulnerability in Bestwebsoft Profile Extra Fields The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. | 5.3 |
| 2023-06-22 | CVE-2023-28778 | Cross-site Scripting vulnerability in Bestwebsoft Pagination Auth. | 4.8 |
| 2023-05-31 | CVE-2014-125103 | Cross-site Scripting vulnerability in Bestwebsoft Twitter A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. | 6.1 |
| 2023-05-02 | CVE-2014-125100 | Cross-site Scripting vulnerability in Bestwebsoft JOB Board 1.0.0 A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. | 6.1 |
| 2023-04-17 | CVE-2023-0764 | Unspecified vulnerability in Bestwebsoft Gallery The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. | 5.4 |
| 2023-04-16 | CVE-2022-44734 | Cross-site Scripting vulnerability in Bestwebsoft CAR Rental Auth. | 4.8 |
| 2023-04-10 | CVE-2014-125097 | Cross-site Scripting vulnerability in Bestwebsoft Facebook Button A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. | 6.1 |