Sign in Get started

← All vendors

Vendor

Webberzone

Sign in to watch

Products

3

CVEs

7

Across products

7

Status

Private

Products

3

Better Search
3 CVEs
Top 10
3 CVEs
Knowledge Base
1 CVE

Recent CVEs

7

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2021-4373	Hig	0.57	8.8	0.00		Jun 7, 2023	The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2024-29142	Hig	0.46	7.1	0.00		Mar 19, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebberZone Better Search – Relevant search results for WordPress allows Stored XSS.This issue affects Better Search – Relevant search results for WordPress: from n/a through 3.3.0.
CVE-2024-51677	Med	0.42	6.5	0.00		Nov 4, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Knowledge Base knowledgebase allows Stored XSS.This issue affects Knowledge Base: from n/a through <= 2.2.0.
CVE-2020-36761	Med	0.28	4.3	0.00		Jul 12, 2023	The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the tptn_export_tables() function. This makes it possible for unauthenticated attackers to generate an export of the top 10 table via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2021-4400	Med	0.28	4.3	0.00		Jul 1, 2023	The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process_settings_import() and bsearch_process_settings_export() functions. This makes it possible for unauthenticated attackers to import and export settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2023-25993	Med	0.21	4.3	0.00		Dec 9, 2024	Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3.
CVE-2023-47238	Med	0.21	4.3	0.00		Nov 9, 2023	Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.