Vulnerabilities (CVE)

Filtered by vendor Bestwebsoft Subscribe
Total 70 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-44734 1 Bestwebsoft 1 Car Rental 2024-02-28 N/A 4.8 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Car Rental by BestWebSoft plugin <= 1.1.2 versions.
CVE-2023-0820 1 Bestwebsoft 1 User Role 2024-02-28 N/A 8.8 HIGH
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.
CVE-2023-0765 1 Bestwebsoft 1 Gallery 2024-02-28 N/A 8.8 HIGH
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.
CVE-2022-3393 1 Bestwebsoft 1 Post To Csv 2024-02-28 N/A 9.8 CRITICAL
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection
CVE-2017-20055 1 Bestwebsoft 1 Contact Form 2024-02-28 3.5 LOW 5.4 MEDIUM
A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.2 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2021-24966 1 Bestwebsoft 1 Error Log Viewer 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
CVE-2021-25121 1 Bestwebsoft 1 Rating 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating
CVE-2021-24761 1 Bestwebsoft 1 Error Log Viewer 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server.
CVE-2021-24350 1 Bestwebsoft 1 Visitors Online 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel.
CVE-2020-8658 1 Bestwebsoft 1 Htaccess 2024-02-28 6.8 MEDIUM 8.8 HIGH
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In this way, an attacker is able to direct the victim to a malicious web page that modifies the .htaccess file, and takes control of the website.
CVE-2017-18558 1 Bestwebsoft 1 Testimonials 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.
CVE-2017-18527 1 Bestwebsoft 1 Pagination 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.
CVE-2015-9384 1 Bestwebsoft 1 Relevant 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The relevant plugin before 1.0.8 for WordPress has XSS.
CVE-2017-18557 1 Bestwebsoft 1 Google Maps 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.
CVE-2017-18566 1 Bestwebsoft 1 User Role 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.
CVE-2017-18493 1 Bestwebsoft 1 Custom Admin Page 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.
CVE-2015-9335 1 Bestwebsoft 1 Limit Attempts 2024-02-28 7.5 HIGH 9.8 CRITICAL
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.
CVE-2017-18529 1 Bestwebsoft 1 Promobar 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The promobar plugin before 1.1.1 for WordPress has multiple XSS issues.
CVE-2017-18590 1 Bestwebsoft 1 Timesheet 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues.
CVE-2017-18562 1 Bestwebsoft 1 Error Log Viewer 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.