Lucene search
K

406 matches found

Nuclei
Nuclei
added 15 hours ago49 views

Custom Admin Page by BestWebSoft < 0.1.2 - Cross-Site Scripting

The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues. id: CVE-2017-18493 info: name: Custom Admin Page by BestWebSoft 0.1.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The custom-admin-page plugin before 0.1.2 for WordPress has multiple...

6.1CVSS6.4AI score0.014EPSS
Exploits1References4
Nuclei
Nuclei
added 15 hours ago29 views

Contact Form by BestWebSoft < 4.0.6 - Cross-Site Scripting

The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. id: CVE-2017-18491 info: name: Contact Form by BestWebSoft 4.0.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The contact-form-plugin plugin before 4.0.6 for WordPress has multiple X...

6.1CVSS6.4AI score0.01464EPSS
Exploits1References4
Nuclei
Nuclei
added 15 hours ago34 views

Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting

The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. id: CVE-2017-18556 info: name: Google Analytics by BestWebSoft 1.7.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-google-analytics plugin before 1.7.1 for WordPress has...

6.1CVSS6.4AI score0.01384EPSS
Exploits1References4
Nuclei
Nuclei
added 15 hours ago23 views

Timesheet Plugin < 0.1.5 - Cross-Site Scripting

The Timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. id: CVE-2017-18590 info: name: Timesheet Plugin 0.1.5 - Cross-Site Scripting author: Splint3r7 severity: medium description: | The Timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. impact: | Authenticated...

6.1CVSS6.4AI score0.01404EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago32 views

Contact Form to DB by BestWebSoft < 1.5.7 - Cross-Site Scripting

The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. id: CVE-2017-18492 info: name: Contact Form to DB by BestWebSoft 1.5.7 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The contact-form-to-db plugin before 1.5.7 for WordPress has multip...

6.1CVSS6.4AI score0.01458EPSS
Exploits1References4
Nuclei
Nuclei
added 15 hours ago40 views

Updater by BestWebSoft < 1.35 - Cross-Site Scripting

The updater plugin before 1.35 for WordPress has multiple XSS issues. id: CVE-2017-18565 info: name: Updater by BestWebSoft 1.35 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The updater plugin before 1.35 for WordPress has multiple XSS issues. impact: | Authenticat...

6.1CVSS6.4AI score0.0139EPSS
Exploits1References4
CVE
CVE
added 2026/04/08 6:43 a.m.13 views

CVE-2026-3618

The CVE concerns the WordPress plugin Columns by BestWebSoft (

6.4CVSS6AI score0.00302EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/04/08 6:43 a.m.1 views

CVE-2026-3618 Columns by BestWebSoft <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute

The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the printclmns shortcode in all versions up to and including 1.0.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. The...

6.4CVSS6AI score0.00302EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/08 6:43 a.m.24 views

CVE-2026-3618 Columns by BestWebSoft <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute

The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the printclmns shortcode in all versions up to and including 1.0.3. This is due to insufficient input sanitization and output escaping on the 'id' attribute. The...

6.4CVSS0.00302EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/04/08 1:53 a.m.7 views

WordPress Columns by BestWebSoft plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Columns by BestWebSoft versions = 1.0.3...

6.4CVSS5.9AI score0.00302EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

WordPress plugin Columns by BestWebSoft 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00302EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/02/03 9:21 a.m.7 views

WordPress Contact Form by BestWebSoft plugin <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_subject vulnerability

Reflected Cross-Site Scripting via cntctfrmcontactsubject vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Contact Form by BestWebSoft versions = 4.2.8...

6.1CVSS5.3AI score0.00495EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.5 views

CVE-2026-24598

Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through = 1.5.2...

4.3CVSS5.4AI score0.00255EPSS
Exploits0References1
NVD
NVD
added 2026/01/23 3:16 p.m.7 views

CVE-2026-24598

Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through = 1.5.2...

4.3CVSS0.00255EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/23 2:29 p.m.2 views

CVE-2026-24598

Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through = 1.5.2...

4.3CVSS5.9AI score0.00255EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/23 2:29 p.m.2 views

CVE-2026-24598 WordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through = 1.5.2...

4.3CVSS5.4AI score0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/01/23 2:29 p.m.10 views

CVE-2026-24598

CVE-2026-24598 : The WordPress plugin Multilanguage by BestWebSoft (versions through 1.5.2) contains a Missing Authorization (Broken Access Control) vulnerability. Public documents (NVD, Red Hat, CVE list, PatchStack) confirm affected software and the issue class, but do not provide exploit detai...

4.3CVSS5.4AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/23 2:29 p.m.30 views

CVE-2026-24598 WordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in bestwebsoft Multilanguage by BestWebSoft multilanguage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multilanguage by BestWebSoft: from n/a through = 1.5.2...

4.3CVSS0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.9 views

WordPress plugin Multilanguage by BestWebSoft has security vulnerabilities.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.6 views

PT-2026-4432

Name of the Vulnerable Software and Affected Versions bestwebsoft Multilanguage by BestWebSoft versions through 1.5.2 Description The software contains a missing authorization issue related to incorrectly configured access control security levels. Recommendations Update bestwebsoft Multilanguage ...

4.3CVSS5.3AI score0.00255EPSS
Exploits0References4
Rows per page
Query Builder