406 matches found
WordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Multilanguage by BestWebSoft versions = 1.5.2...
CVE-2023-29096
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a throug...
CVE-2024-2200
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrmcontactsubject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2025-63056
Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through = 4.3.6...
EUVD-2025-201973
Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through = 4.3.5...
CVE-2025-63056
Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through = 4.3.6...
CVE-2025-63056 WordPress Contact Form by BestWebSoft plugin <= 4.3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through = 4.3.6...
CVE-2025-63056 WordPress Contact Form by BestWebSoft plugin <= 4.3.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through = 4.3.6...
CVE-2025-63056
CVE-2025-63056 corresponds to a Missing Authorization flaw in the WordPress plugin Contact Form by BestWebSoft (versions up to and including 4.3.5). The issue is a bypass of access controls in the plugin’s configuration, enabling unauthorized access as described in the CVE entry. Public sources i...
WordPress plugin Contact Form by BestWebSoft 安全漏洞
...
PT-2025-50056
Missing Authorization vulnerability in bestwebsoft Contact Form by BestWebSoft contact-form-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by BestWebSoft: from n/a through = 4.3.5...
WordPress Contact Form by BestWebSoft plugin <= 4.3.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Contact Form by BestWebSoft versions = 4.3.6...
WordPress Job Board by BestWebSoft plugin cross-site scripting vulnerability
WordPress Job Board by BestWebSoft plugin is WordPress plugin for creating and managing job posting features. The WordPress Job Board by BestWebSoft plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...
CVE-2025-13383
The Job Board by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.1. This is due to the plugin storing the entire unsanitized $GET superglobal array directly into the database via updateusermeta when users save search results,...
CVE-2025-13383
The Job Board by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.1. This is due to the plugin storing the entire unsanitized $GET superglobal array directly into the database via updateusermeta when users save search results,...
CVE-2025-13383
CVE-2025-13383 concerns the WordPress plugin “Job Board by BestWebSoft.” The issue is a stored XSS caused by unsafely storing the entire GET array via update_user_meta() and later outputting it without proper escaping, enabling unauthenticated attackers to inject scripts when users view saved sea...
CVE-2025-13383 Job Board by BestWebSoft <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage
The Job Board by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.1. This is due to the plugin storing the entire unsanitized $GET superglobal array directly into the database via updateusermeta when users save search results,...
CVE-2025-13383 Job Board by BestWebSoft <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage
The Job Board by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.1. This is due to the plugin storing the entire unsanitized $GET superglobal array directly into the database via updateusermeta when users save search results,...
WordPress Job Board by BestWebSoft plugin <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting via $GET Array Storage vulnerability discovered by Jamshed Yergashvoyev CVE Guy - Turan Security in WordPress Plugin Job Board by BestWebSoft versions = 1.2.1...
WordPress plugin Job Board by BestWebSoft 跨站脚本漏洞
WordPress Job Board by BestWebSoft plugin is WordPress plugin for creating and managing job posting features. The WordPress Job Board by BestWebSoft plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...