Bestwebsoft

All CVEs

72 total · sorted by risk
  • CVE-2025-49410 · Critical · Aug 20, 2025
    risk 0.65 · cvss 10.0 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Testimonials: from n/a through 1.1.1.

  • CVE-2023-29096 · High · Dec 20, 2023
    risk 0.55 · cvss 8.5 · epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress. This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For…

  • CVE-2025-31099 · High · Mar 28, 2025
    risk 0.49 · cvss 7.6 · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bestweblayout Slider by BestWebSoft slider-bws allows SQL Injection. This issue affects Slider by BestWebSoft: from n/a through <= 1.1.0.

  • CVE-2023-36508 · High · Oct 31, 2023
    risk 0.49 · cvss 7.6 · epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection. This issue affects Contact Form to DB by…

  • CVE-2023-45771 · High · Mar 26, 2024
    risk 0.46 · cvss 7.1 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS. This issue affects Contact Form With Captcha: from n/a through 1.6.8.

  • CVE-2026-3618 · Medium · Apr 8, 2026
    risk 0.42 · cvss 6.4 · epss 0.00

    The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the [print_clmns] shortcode in all versions up to and including 1.0.3. This is due to insufficient input sanitization and output escaping on the 'id'…

  • CVE-2025-30935 · Medium · Jun 6, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NickDuncan Contact Form contact-form-ready allows DOM-Based XSS. This issue affects Contact Form: from n/a through <= 2.0.12.

  • CVE-2024-51786 · Medium · Nov 9, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bestweblayout Realty by BestWebSoft realty allows Stored XSS. This issue affects Realty by BestWebSoft: from n/a through <= 1.1.5.

  • CVE-2024-13906 · High · Mar 7, 2025
    risk 0.40 · cvss 7.2 · epss 0.01

    The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function. This makes…

  • CVE-2017-2171 · Medium · May 22, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom…

  • CVE-2024-43126 · High · Aug 12, 2024
    risk 0.39 · cvss 7.1 · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce allows Reflected XSS. This issue affects Sender – Newsletter, SMS and Email Marketing…

  • CVE-2025-24628 · Medium · Jan 27, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Authentication Bypass by Spoofing vulnerability in bestwebsoft Google Captcha google-captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through <= 1.78.

  • CVE-2023-41862 · Medium · Dec 13, 2024
    risk 0.34 · cvss 5.3 · epss 0.01

    Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse. This issue affects VS Contact Form: from n/a through 14.0.

  • CVE-2024-31295 · Medium · May 17, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass. This issue affects Captcha by BestWebSoft: from n/a through 5.2.0.

  • CVE-2025-13383 · Medium · Nov 25, 2025
    risk 0.33 · cvss 6.1 · epss 0.00

    The Job Board by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.1. This is due to the plugin storing the entire unsanitized `$_GET` superglobal array directly into the database via `update_user_meta()` when…

  • CVE-2024-2200 · Medium · Apr 9, 2024
    risk 0.33 · cvss 6.1 · epss 0.01

    The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible…

  • CVE-2025-9950 · Medium · Oct 11, 2025
    risk 0.32 · cvss 4.9 · epss 0.01

    The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwr_get_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read…

  • CVE-2023-36527 · Medium · Nov 7, 2023
    risk 0.31 · cvss 4.7 · epss 0.01

    Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft. This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0.

  • CVE-2026-24598 · Medium · Jan 23, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Multilanguage by BestWebSoft: from n/a through <= 1.5.2.

  • CVE-2025-63056 · Medium · Dec 9, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form by BestWebSoft: from n/a through <= 4.3.6.

  • CVE-2023-4469 · Medium · Oct 6, 2023
    risk 0.27 · cvss 5.3 · epss 0.00

    The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to…

  • CVE-2007-3199 · Jun 12, 2007
    risk 0.03 · cvss · epss 0.03

    Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg.

  • CVE-2024-8615 · Nov 6, 2024
    risk 0.01 · cvss · epss 0.01

    The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated…

  • CVE-2024-8614 · Nov 6, 2024
    risk 0.01 · cvss · epss 0.01

    The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with…

  • CVE-2024-13908 · Mar 8, 2025
    risk 0.00 · cvss · epss 0.01

    The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Administrator-level…

  • CVE-2024-8364 · Sep 19, 2024
    risk 0.00 · cvss · epss 0.00

    The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes…

  • CVE-2024-39657 · Aug 26, 2024
    risk 0.00 · cvss · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce. This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.18.

  • CVE-2024-3112 · Jul 12, 2024
    risk 0.00 · cvss · epss 0.00

    The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate uploaded image files, allowing high-privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example, in a multisite setup).

  • CVE-2024-35678 · Jun 8, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft. This issue affects Contact Form to DB by BestWebSoft: from n/a through 1.7.2.

  • CVE-2024-3369 · Apr 6, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Affected by this issue is some unknown functionality of the file add-vehicle.php. The manipulation of the argument Upload Image leads to unrestricted upload. The attack may be…

  • CVE-2023-6821 · Mar 18, 2024
    risk 0.00 · cvss · epss 0.01

    The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization.

  • CVE-2014-125109 · Dec 26, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site…

  • CVE-2012-10017 · Dec 26, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06…

  • CVE-2023-3504 · Jul 4, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. The manipulation of the argument filename leads to unrestricted upload.…

  • CVE-2023-28778 · Jun 22, 2023
    risk 0.00 · cvss · epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions.

  • CVE-2014-125100 · May 2, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address…

  • CVE-2023-0765 · Apr 17, 2023
    risk 0.00 · cvss · epss 0.01

    The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to a Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin…

  • CVE-2023-0764 · Apr 17, 2023
    risk 0.00 · cvss · epss 0.00

    The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scripting vulnerability. The attacker must have at least the privileges of the Author role.

  • CVE-2022-44734 · Apr 16, 2023
    risk 0.00 · cvss · epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Car Rental by BestWebSoft plugin <= 1.1.2 versions.

  • CVE-2014-125097 · Apr 10, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the…

  • CVE-2012-10012 · Apr 9, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery.…

  • CVE-2014-125095 · Apr 9, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site…

  • CVE-2012-10010 · Apr 9, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely.…

  • CVE-2023-24411 · Apr 6, 2023
    risk 0.00 · cvss · epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin <= 2.0.7 versions.

  • CVE-2013-10022 · Apr 5, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51 on WordPress. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site…

  • CVE-2022-45817 · Mar 17, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimonials plugin <= 1.3.2 versions.

  • CVE-2022-3393 · Oct 25, 2022
    risk 0.00 · cvss · epss 0.01

    The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection.

  • CVE-2017-20055 · Jun 16, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the…

  • CVE-2020-20626 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.01

    lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS.

  • CVE-2020-8658 · Feb 6, 2020
    risk 0.00 · cvss · epss 0.10

    The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccess_editor CSRF. The flag htccss_nonce_name passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of…

Page 1 of 2