CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125102 – Bestwebsoft Relevant Plugin Thumbnail information disclosure
https://notcve.org/view.php?id=CVE-2014-125102
29 May 2023 — A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. • https://github.com/wp-plugins/relevant/commit/860d1891025548cf0f5f97364c1f51a888f523c3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-29096 – WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.0 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-29096
17 Apr 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0. Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyección SQL') en BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin for WordPres... • https://patchstack.com/database/vulnerability/contact-form-to-db/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-0-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125097 – BestWebSoft Facebook Like Button facebook-button-plugin.php fcbkbttn_settings_page cross site scripting
https://notcve.org/view.php?id=CVE-2014-125097
10 Apr 2023 — A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. • https://github.com/wp-plugins/facebook-button-plugin/commit/b766da8fa100779409a953f0e46c2a2448cbe99c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-10012 – BestWebSoft Facebook Like Button facebook-button-plugin.php fcbk_bttn_plgn_settings_page cross-site request forgery
https://notcve.org/view.php?id=CVE-2012-10012
09 Apr 2023 — A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The patch is named 33144ae5a45ed07efe7fceca901d91365fdbf7cb. • https://github.com/wp-plugins/facebook-button-plugin/commit/33144ae5a45ed07efe7fceca901d91365fdbf7cb • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-10010 – BestWebSoft Contact Form contact_form.php cntctfrm_settings_page cross-site request forgery
https://notcve.org/view.php?id=CVE-2012-10010
09 Apr 2023 — A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. • https://github.com/wp-plugins/contact-form-plugin/commit/8398d96ff0fe45ec9267d7259961c2ef89ed8005 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2013-10022 – BestWebSoft Contact Form Plugin contact_form.php cntctfrm_check_form cross site scripting
https://notcve.org/view.php?id=CVE-2013-10022
05 Apr 2023 — A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51 on WordPress. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. • https://github.com/wp-plugins/contact-form-plugin/commit/642ef1dc1751ab6642ce981fe126325bb574f898 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28778 – WordPress Pagination by BestWebSoft Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28778
27 Mar 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions. The Pagination by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This... • https://patchstack.com/database/vulnerability/pagination/wordpress-pagination-by-bestwebsoft-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0764 – Gallery by BestWebSoft < 4.7.0 - Author+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-0764
27 Mar 2023 — The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role. The Gallery by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via gallery information in versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi... • https://wpscan.com/vulnerability/d48c6c50-3734-4191-9833-0d9b09b1bd8a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0765 – Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection
https://notcve.org/view.php?id=CVE-2023-0765
27 Mar 2023 — The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable. The Gallery by BestWebSoft plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.6.9 due to insufficient escaping on t... • https://wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0820 – User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF
https://notcve.org/view.php?id=CVE-2023-0820
13 Mar 2023 — The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. The User Role by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.6. This is due to missing nonce validation in the edit-role-page.php file. This makes it possible for unauthenticated attackers to modify the capabilities of individual roles to elevate individua... • https://wpscan.com/vulnerability/b93d9f9d-0fd9-49b8-b465-d32b95351912 • CWE-352: Cross-Site Request Forgery (CSRF) •