CVE-2023-0765 – Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection
https://notcve.org/view.php?id=CVE-2023-0765
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable. The Gallery by BestWebSoft plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.6.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for author-level attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-28778 – WordPress Pagination by BestWebSoft Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-28778
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions. The Pagination by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled. • https://patchstack.com/database/vulnerability/pagination/wordpress-pagination-by-bestwebsoft-1-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-0820 – User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF
https://notcve.org/view.php?id=CVE-2023-0820
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. The User Role by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.6. This is due to missing nonce validation in the edit-role-page.php file. This makes it possible for unauthenticated attackers to modify the capabilities of individual roles to elevate individual user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/b93d9f9d-0fd9-49b8-b465-d32b95351912 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-44734 – WordPress Car Rental by BestWebSoft Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-44734
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Car Rental by BestWebSoft plugin <= 1.1.2 versions. The Car Rental by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/car-rental/wordpress-car-rental-by-bestwebsoft-plugin-1-1-2-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-3393 – Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection
https://notcve.org/view.php?id=CVE-2022-3393
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection El plugin Post to CSV by BestWebSoft de WordPress versiones hasta 1.4.0, no escapa apropiadamente los campos cuando son exportados los datos como CSV, conllevando a una inyección CSV The Post to CSV by BestWebSoft plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.8. This allows author-level attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. • https://wpscan.com/vulnerability/689b4c42-c516-4c57-8ec7-3a6f12a3594e • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •