23 matches found
CVE-2024-2200
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrmcontactsubject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
WordPress Job Board by BestWebSoft plugin cross-site scripting vulnerability
WordPress Job Board by BestWebSoft plugin is a WordPress plugin for creating and managing job posting features. The WordPress Job Board by BestWebSoft plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
WordPress Job Board by BestWebSoft plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage vulnerability discovered by Jamshed Yergashvoyev CVE Guy - Turan Security in WordPress Plugin Job Board by BestWebSoft versions <= 1.2.1...
PT-2025-48008
The Job Board by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.1. This is due to the plugin storing the entire unsanitized $_GET superglobal array directly into the database via update_user_meta when users save search...
CVE-2025-9950
The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.6 via the rrrlgvwr_get_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of...
CVE-2025-9950
The CVE-2025-9950 issue affects the Error Log Viewer by BestWebSoft for WordPress. It is a directory traversal vulnerability exploitable by authenticated administrators (and above) to read arbitrary files via the rrrlgvwr_get_file function. The vulnerability affects versions up to 1.1.6. The issu...
EUVD-2014-1263
Malware in sbrugna...
EUVD-2024-27160
Malicious code in bioql PyPI...
EUVD-2023-40457
Malicious code in bioql PyPI...
CVE-2021-25121
The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service on the post/page when a user submits such a rating...
WordPress SMTP by BestWebSoft plugin <= 1.1.9 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
Authenticated (Administrator+) Arbitrary File Upload vulnerability discovered by Hoang Phuc Vo HrxKnight in WordPress Plugin SMTP by BestWebSoft versions <= 1.1.9...
CVE-2025-24628 WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability
Authentication Bypass by Spoofing vulnerability in bestwebsoft Google Captcha google-captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through <= 1.78...
WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability
Captcha Bypass vulnerability discovered by cod3beat in WordPress Plugin Google Captcha versions <= 1.78...
WordPress Realty by BestWebSoft plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Realty by BestWebSoft versions <= 1.1.5...
WordPress Contact Form to DB by BestWebSoft plugin <= 1.7.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Do Truong Giang Patchstack Alliance in WordPress Plugin Contact Form to DB by BestWebSoft versions <= 1.7.2...
CVE-2023-6821
The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3 is affected by a Directory Listing issue, allowing users to read and download PHP logs without authorization...
CVE-2023-36508
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection. This issue affects Contact Form to DB by BestWebSoft – Messages Databa...
CVE-2023-0820 User Role by BestWebSoft < 1.6.7 - Privilege Escalation via CSRF
The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role...
WordPress Plugin BestWebSoft cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2022-3393 Post to CSV by BestWebSoft <= 1.4.0 - Author+ CSV Injection
The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not properly escape fields when exporting data as CSV, leading to a CSV injection...