CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44734 – WordPress Car Rental by BestWebSoft Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-44734
09 Nov 2022 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Car Rental by BestWebSoft plugin <= 1.1.2 versions. The Car Rental by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Au... • https://patchstack.com/database/vulnerability/car-rental/wordpress-car-rental-by-bestwebsoft-plugin-1-1-2-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1CVE-2022-3393 – Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection
https://notcve.org/view.php?id=CVE-2022-3393
03 Oct 2022 — The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection El plugin Post to CSV by BestWebSoft de WordPress versiones hasta 1.4.0, no escapa apropiadamente los campos cuando son exportados los datos como CSV, conllevando a una inyección CSV The Post to CSV by BestWebSoft plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.8. This allows author-level attackers to embed untrusted in... • https://wpscan.com/vulnerability/689b4c42-c516-4c57-8ec7-3a6f12a3594e • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25121 – Rating by BestWebSoft < 1.6 - Rating Denial of Service
https://notcve.org/view.php?id=CVE-2021-25121
24 May 2022 — The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating El plugin Rating by BestWebSoft WordPress anterior a la versión 1.6 no valida la valoración enviada, permitiendo el envío de enteros largos, lo que provoca una denegación de servicio en la entrada/página cuando un usuario envía dicha valoración The Rating by BestWebSoft WordPress plugin through 1.5 does ... • https://wpscan.com/vulnerability/efb1ddef-2123-416c-a932-856d41ed836d • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24761 – Error Log Viewer < 1.1.2 - Arbitrary Text File Deletion via CSRF
https://notcve.org/view.php?id=CVE-2021-24761
29 Dec 2021 — The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. El plugin de WordPress Error Log Viewer anterior a la versión 1.1.2 no realiza la comprobación de nonce al eliminar un archivo de registro y no tiene prevención de path traversal, lo que podría permitir a los atacantes hacer que un administrador conectado elimi... • https://wpscan.com/vulnerability/c14e1ba6-fc00-4150-b541-0d6740fee4d2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 7%CPEs: 1EXPL: 3CVE-2021-24966 – Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing
https://notcve.org/view.php?id=CVE-2021-24966
10 Nov 2021 — The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder El plugin Error Log Viewer de WordPress versiones hasta 1.1.1, no comprueba la ruta del archivo de registro que va a ser borrada, permitiendo a usuarios con altos privilegios borrar archivos arbitrarios en el servidor web, incluidos los que están fuera de la carpeta del blog WordPress Erro... • https://packetstorm.news/files/id/165985 • CWE-73: External Control of File Name or Path •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 1CVE-2021-24350 – Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24350
26 May 2021 — The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel. El plugin Visitors WordPress versiones hasta 0.3, está afectado por una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenado sin autenticación. El plugin mostraría la cadena de agente de usuario del usuario sin comprobación o codificación dentro del panel de a... • https://wpscan.com/vulnerability/06f1889d-8e2f-481a-b91b-3a8008e00ffc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2020-8658 – Htaccess <= 1.8.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-8658
01 Feb 2020 — The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website. El plugin BestWebSoft Htaccess versiones hasta 1.8.1 para WordPress,... • https://github.com/V1n1v131r4/Exploiting-WP-Htaccess-by-BestWebSoft-Plugin/blob/master/README.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18564 – Sender by BestWebSoft <= 1.2.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18564
20 Aug 2019 — The sender plugin before 1.2.1 for WordPress has multiple XSS issues. El plugin sender anterior a la versión 1.2.1 para WordPress tiene múltiples problemas XSS. The Sender by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted ... • https://wordpress.org/plugins/sender/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10869 – Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress <= 4.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-10869
13 Aug 2019 — The contact-form-plugin plugin before 4.0.2 for WordPress has XSS. El complemento contact-form-plugin anterior de 4.0.2 para WordPress tiene XSS • https://wordpress.org/plugins/contact-form-plugin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20970 – PDF & Print by BestWebSoft < 2.0.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20970
04 Dec 2017 — The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues. El plugin pdf-print anterior a la versión 2.0.3 para WordPress tiene múltiples problemas XSS. The PDF & Print by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to 2.0.3 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they ... • https://wordpress.org/plugins/pdf-print/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •