Bannersky
Products
3- 5 CVEs
- 5 CVEs
- 1 CVE
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22347 | Hig | 0.53 | 8.2 | 0.00 | Jan 7, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Blind SQL Injection.This issue affects BSK Forms Blacklist: from n/a through <= 3.9. | ||
| CVE-2023-30872 | Hig | 0.49 | 7.6 | 0.01 | Dec 20, 2023 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2. | ||
| CVE-2025-24545 | Hig | 0.46 | 7.1 | 0.00 | Feb 3, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Validation bsk-gravity-forms-custom-validation allows Reflected XSS.This issue affects BSK Forms Validation: from n/a through <= 1.7. | ||
| CVE-2024-47624 | Hig | 0.46 | 7.1 | 0.00 | Oct 5, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through <= 3.8.1. | ||
| CVE-2024-43233 | Hig | 0.46 | 7.1 | 0.00 | Aug 12, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8. | ||
| CVE-2024-38767 | Med | 0.42 | 6.5 | 0.00 | Jul 20, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky.Com BSK PDF Manager allows Stored XSS.This issue affects BSK PDF Manager: from n/a through 3.6. | ||
| CVE-2023-5110 | Med | 0.42 | 6.4 | 0.00 | Oct 25, 2023 | The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible… | ||
| CVE-2025-4970 | Med | 0.36 | 5.5 | 0.00 | Dec 12, 2025 | The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with… | ||
| CVE-2026-39686 | Med | 0.34 | 5.3 | 0.00 | Apr 8, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2. | ||
| CVE-2014-4944 | 0.03 | — | 0.04 | Jul 14, 2014 | Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php. | |||
| CVE-2023-5980 | 0.00 | — | 0.00 | Dec 26, 2023 | The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in… |
- risk 0.53cvss 8.2epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Blind SQL Injection.This issue affects BSK Forms Blacklist: from n/a through <= 3.9.
- risk 0.49cvss 7.6epss 0.01
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist.This issue affects BSK Forms Blacklist: from n/a through 3.6.2.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Validation bsk-gravity-forms-custom-validation allows Reflected XSS.This issue affects BSK Forms Validation: from n/a through <= 1.7.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through <= 3.8.1.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky.Com BSK PDF Manager allows Stored XSS.This issue affects BSK PDF Manager: from n/a through 3.6.
- risk 0.42cvss 6.4epss 0.00
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…
- risk 0.36cvss 5.5epss 0.00
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bsk-pdf-manager allows Retrieve Embedded Sensitive Data.This issue affects BSK PDF Manager: from n/a through <= 3.7.2.
- CVE-2014-4944Jul 14, 2014risk 0.03cvss —epss 0.04
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.
- CVE-2023-5980Dec 26, 2023risk 0.00cvss —epss 0.00
The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…