
CVE-2015-9325 – Visitors Online by BestWebSoft <= 0.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9325
26 Oct 2015 — The visitors-online plugin before 0.4 for WordPress has SQL injection. The Visitors Online by BestWebSoft plugin for WordPress is vulnerable to generic SQL Injection in versions up to, and including, 0.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries int... • https://wordpress.org/plugins/visitors-online/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2015-9335 – Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms < 1.1.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9335
09 Oct 2015 — The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling. • https://wordpress.org/plugins/limit-attempts/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2015-9384 – Relevant – Related, Featured, Latest, and Popular Posts by BestWebSoft <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9384
03 Oct 2015 — The relevant plugin before 1.0.8 for WordPress has XSS. The Relevant Related Posts plugin up to and including version 1.0.7 for WordPress is vulnerable to stored cross-site scripting via the rltdpstsplgn_options parameter. This makes it possible for authenticated attackers, with administrator-level permissions, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injecte... • https://wordpress.org/plugins/relevant/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-9385 – Quotes and Tips by BestWebSoft < 1.20 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9385
03 Oct 2015 — The quotes-and-tips plugin before 1.20 for WordPress has XSS. • https://wordpress.org/plugins/quotes-and-tips/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-0890 – reCaptcha by BestWebSoft <= 1.12 - CAPTCHA Bypass
https://notcve.org/view.php?id=CVE-2015-0890
03 Mar 2015 — The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. • http://jvn.jp/en/jp/JVN55063777/index.html • CWE-804: Guessable CAPTCHA •

CVE-2015-10127 – PlusCaptcha Plugin cross site scripting
https://notcve.org/view.php?id=CVE-2015-10127
15 Feb 2015 — A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. • https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-9283 – BestWebSoft Captcha <= 4.0.6 - CAPTCHA Bypass
https://notcve.org/view.php?id=CVE-2014-9283
05 Dec 2014 — The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. • http://jvn.jp/en/jp/JVN93727681/index.html • CWE-804: Guessable CAPTCHA •

CVE-2014-125100 – BestWebSoft Job Board Plugin cross site scripting
https://notcve.org/view.php?id=CVE-2014-125100
08 Aug 2014 — A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. • https://github.com/wp-plugins/job-board/commit/dbb71deee071422ce3e663fbcdce3ad24886f940 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-125095 – BestWebSoft Contact Form Plugin bws_menu.php bws_add_menu_render cross site scripting
https://notcve.org/view.php?id=CVE-2014-125095
07 Aug 2014 — A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. • https://github.com/wp-plugins/contact-form-plugin/commit/4d531f74b4a801c805dc80360d4ea1312e9a278f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-125103 – BestWebSoft Twitter Plugin twitter.php twttr_settings_page cross site scripting
https://notcve.org/view.php?id=CVE-2014-125103
07 Aug 2014 — A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function twttr_settings_page of the file twitter.php. The manipulation of the argument twttr_url_twitter/bws_license_key/bws_license_plugin leads to cross site scripting. The attack can be launched remotely. • https://github.com/wp-plugins/twitter-plugin/commit/e04d59ab578316ffeb204cf32dc71c0d0e1ff77c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •