Known Vulnerabilities for products from BestWebSoft

Listed below are 20 of the newest known vulnerabilities associated with the vendor "BestWebSoft".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-24598 json Not Provided 2026-01-23 2026-04-28
CVE-2026-3618 json Not Provided 2026-04-08 2026-04-13
CVE-2025-63056 json Not Provided 2025-12-09 2026-04-27
CVE-2025-39527 json Not Provided 2025-04-17 2026-04-23
CVE-2025-31099 json Not Provided 2025-03-28 2026-04-23
CVE-2025-24628 json Not Provided 2025-01-27 2026-04-29
CVE-2025-13383 json Not Provided 2025-11-25 2026-04-08
CVE-2025-9950 json Not Provided 2025-10-11 2026-04-08
CVE-2024-51786 json Not Provided 2024-11-09 2026-04-23
CVE-2024-30439 json Not Provided 2024-03-29 2026-04-28
CVE-2024-2200 json The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_cont... Not Provided 2024-04-09 2026-04-08
CVE-2023-45771 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captc... Not Provided 2024-03-26 2026-04-28
CVE-2023-36527 json Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue ... Not Provided 2023-11-07 2026-04-28
CVE-2023-36508 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact For... Not Provided 2023-10-31 2026-04-28
CVE-2023-29096 json Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact For... Not Provided 2023-12-20 2026-04-28
CVE-2023-28778 json Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions. 4.8 - MEDIUM 2023-06-22 2023-06-28
CVE-2023-6250 json Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions. 7.5 - HIGH 2023-12-26 2024-01-02
CVE-2023-4469 json The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing ca... Not Provided 2023-10-06 2026-04-08
CVE-2023-0820 json The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilit... 8.8 - HIGH 2023-04-03 2023-11-07
CVE-2023-0765 json The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an B... 8.8 - HIGH 2023-04-17 2023-11-07
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from BestWebSoft

Type Vendor Product Version
ApplicationBestwebsoftCaptcha1.0
ApplicationBestwebsoftCar Rental1.0.0
ApplicationBestwebsoftContact Form1.00
ApplicationBestwebsoftContact Form Multi1.0.1
ApplicationBestwebsoftContact Form To Db1.0
ApplicationBestwebsoftCustom Admin-
ApplicationBestwebsoftCustom Admin Page0.1
ApplicationBestwebsoftCustom Fields Search1.3.1
ApplicationBestwebsoftCustom Search1.01
ApplicationBestwebsoftDonate1.0
ApplicationBestwebsoftEmail Queue1.1.1
ApplicationBestwebsoftError Log Viewer1.0.0
ApplicationBestwebsoftFacebook Button1
ApplicationBestwebsoftFeatured Posts1.0.0
ApplicationBestwebsoftGallery1.01
ApplicationBestwebsoftGallery Categories1.0.8
ApplicationBestwebsoftGoogle Adsense1.43
ApplicationBestwebsoftGoogle Analytics1.0
ApplicationBestwebsoftGoogle Captcha1.12
ApplicationBestwebsoftGoogle Captcha Recaptcha1.12
Results limited to 20 most recent known configurations
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report