CVE-2014-125097 – BestWebSoft Facebook Like Button facebook-button-plugin.php fcbkbttn_settings_page cross site scripting
https://notcve.org/view.php?id=CVE-2014-125097
A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 addresses this issue. • https://github.com/wp-plugins/facebook-button-plugin/commit/b766da8fa100779409a953f0e46c2a2448cbe99c https://vuldb.com/?ctiid.225354 https://vuldb.com/?id.225354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-10012 – BestWebSoft Facebook Like Button facebook-button-plugin.php fcbk_bttn_plgn_settings_page cross-site request forgery
https://notcve.org/view.php?id=CVE-2012-10012
A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The patch is named 33144ae5a45ed07efe7fceca901d91365fdbf7cb. • https://github.com/wp-plugins/facebook-button-plugin/commit/33144ae5a45ed07efe7fceca901d91365fdbf7cb https://vuldb.com/?ctiid.225355 https://vuldb.com/?id.225355 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2012-10010 – BestWebSoft Contact Form contact_form.php cntctfrm_settings_page cross-site request forgery
https://notcve.org/view.php?id=CVE-2012-10010
A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. • https://github.com/wp-plugins/contact-form-plugin/commit/8398d96ff0fe45ec9267d7259961c2ef89ed8005 https://vuldb.com/?ctiid.225321 https://vuldb.com/?id.225321 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-10022 – BestWebSoft Contact Form Plugin contact_form.php cntctfrm_check_form cross site scripting
https://notcve.org/view.php?id=CVE-2013-10022
A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51 on WordPress. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 addresses this issue. • https://github.com/wp-plugins/contact-form-plugin/commit/642ef1dc1751ab6642ce981fe126325bb574f898 https://vuldb.com/?ctiid.225002 https://vuldb.com/?id.225002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0764 – Gallery by BestWebSoft < 4.7.0 - Author+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-0764
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scripting vulnerability. The attacker must have at least the privileges of the Author role. The Gallery by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via gallery information in versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/d48c6c50-3734-4191-9833-0d9b09b1bd8a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')