CVE-2017-18518 – SMTP by BestWebSoft <= 1.0.9 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18518
The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. The SMTP by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/bws-smtp/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18502 – Subscriber by BestWebSoft <= 1.3.4 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18502
The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. • https://wordpress.org/plugins/subscriber/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-20055 – BestWebSoft Contact Form Plugin Stored cross site scripting
https://notcve.org/view.php?id=CVE-2017-20055
A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • http://seclists.org/fulldisclosure/2017/Feb/100 • https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_vulnerability_in_contact_form_wordpress_plugin.html • https://vuldb.com/?id.97389 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2015-9325 – Visitors Online by BestWebSoft <= 0.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9325
The visitors-online plugin before 0.4 for WordPress has SQL injection. The Visitors Online by BestWebSoft plugin for WordPress is vulnerable to generic SQL Injection in versions up to, and including, 0.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://wordpress.org/plugins/visitors-online/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-9335 – Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms < 1.1.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9335
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. • https://wordpress.org/plugins/limit-attempts/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')