CVE-2015-9385 – Quotes and Tips by BestWebSoft < 1.20 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9385
The quotes-and-tips plugin before 1.20 for WordPress has XSS. El plugin quotes-and-tips versiones anteriores a 1.20 para WordPress, presenta una vulnerabilidad de tipo XSS. • https://wordpress.org/plugins/quotes-and-tips/#developers https://wpvulndb.com/vulnerabilities/8359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-9384 – Relevant – Related, Featured, Latest, and Popular Posts by BestWebSoft <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9384
The relevant plugin before 1.0.8 for WordPress has XSS. El plugin relevant versiones anteriores a 1.0.8 para WordPress, presenta una vulnerabilidad de tipo XSS. The Relevant Related Posts plugin up to and including version 1.0.7 for WordPress is vulnerable to stored cross-site scripting via the rltdpstsplgn_options parameter. This makes it possible for authenticated attackers, with administrator-level permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wordpress.org/plugins/relevant/#developers https://wpvulndb.com/vulnerabilities/8361 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-0890 – reCaptcha by BestWebSoft <= 1.12 - CAPTCHA Bypass
https://notcve.org/view.php?id=CVE-2015-0890
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. El plugin BestWebSoft Google Captcha (también conocido como reCAPTCHA) anterior a 1.13 para WordPress permite a atacantes remotos evadir el mecanismo de protección de CAPTCHA y obtener el acceso administrativo a través de vectores no especificados. • http://jvn.jp/en/jp/JVN55063777/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000030 https://wordpress.org/plugins/google-captcha/changelog • CWE-804: Guessable CAPTCHA •
CVE-2015-10127 – PlusCaptcha Plugin cross site scripting
https://notcve.org/view.php?id=CVE-2015-10127
A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. • https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd https://vuldb.com/?ctiid.248954 https://vuldb.com/?id.248954 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-9283 – BestWebSoft Captcha <= 4.0.6 - CAPTCHA Bypass
https://notcve.org/view.php?id=CVE-2014-9283
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. El plugin BestWebSoft Captcha anterior a 4.0.7 para WordPress permite a atacantes remotos evadir el mecanismo de protección de CAPTCHA y obtener el acceso administrativo a través de vectores no especificados. • http://jvn.jp/en/jp/JVN93727681/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000029 https://wordpress.org/plugins/captcha/changelog • CWE-804: Guessable CAPTCHA •