CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125109 – BestWebSoft Portfolio Plugin bws_menu.php bws_add_menu_render cross site scripting
https://notcve.org/view.php?id=CVE-2014-125109
26 Dec 2023 — A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. • https://github.com/wp-plugins/portfolio/commit/d2ede580474665af56ff262a05783fbabe4529b8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2017-2171
https://notcve.org/view.php?id=CVE-2017-2171
22 May 2017 — Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Post... • http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-10017 – BestWebSoft Portfolio Plugin cross-site request forgery
https://notcve.org/view.php?id=CVE-2012-10017
24 Jul 2012 — A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. • https://github.com/wp-plugins/portfolio/commit/68af950330c3202a706f0ae9bbb52ceaa17dda9d • CWE-352: Cross-Site Request Forgery (CSRF) •