Bestwebsoft — Vulnerabilities & Security Advisories 29

Browse all 29 CVE security advisories affecting Bestwebsoft. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BestWebSoft operates as a software vendor specializing in WordPress plugins and themes, primarily targeting small to medium-sized businesses seeking website management tools. The company’s portfolio has been associated with twenty-nine recorded Common Vulnerabilities and Exposures (CVEs), indicating a significant historical security footprint. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls within plugin code. While no single catastrophic data breach has been widely publicized as a direct result of these specific CVEs, the recurring nature of these issues suggests systemic weaknesses in the development lifecycle. Security researchers frequently highlight the need for rigorous code auditing and timely patching to mitigate risks associated with BestWebSoft’s widely deployed extensions, emphasizing that the volume of disclosed flaws reflects ongoing challenges in maintaining secure third-party WordPress integrations.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-24598 | WordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Broken Access Control vulnerability | Multilanguage by BestWebSoft | CWE-862 | 4.3 | Medium | 2026-01-23 |
| CVE-2025-63056 | WordPress Contact Form by BestWebSoft plugin <= 4.3.6 - Broken Access Control vulnerability | Contact Form by BestWebSoft | CWE-862 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-9950 | Error Log Viewer by BestWebSoft <= 1.1.6 - Authenticated (Administrator+) Arbitrary File Read | Error Log Viewer by BestWebSoft | CWE-22 | 4.9 | Medium | 2025-10-11 |
| CVE-2024-13906 | Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection | Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress | CWE-502 | 7.2 | High | 2025-03-07 |
| CVE-2025-24628 | WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability | Google Captcha | CWE-290 | 5.3 | Medium | 2025-01-27 |
| CVE-2024-35678 | WordPress Contact Form to DB by BestWebSoft plugin <= 1.7.2 - SQL Injection vulnerability | Contact Form to DB by BestWebSoft | CWE-89 | 8.5 | High | 2024-06-08 |
| CVE-2024-31295 | WordPress Captcha by BestWebSoft plugin <= 5.2.0 - Captcha Bypass vulnerability | Captcha by BestWebSoft | CWE-804 | 5.3 | Medium | 2024-05-17 |
| CVE-2024-2198 | Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_address | Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress | CWE-79 | 6.1 | Medium | 2024-04-09 |
| CVE-2024-2200 | Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_subject | Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress | CWE-79 | 6.1 | Medium | 2024-04-09 |
| CVE-2024-30439 | WordPress Limit Attempts by BestWebSoft plugin <= 1.2.9 - Reflected Cross Site Scripting (XSS) vulnerability | Limit Attempts by BestWebSoft | CWE-79 | 7.1 | High | 2024-03-29 |
| CVE-2014-125109 | BestWebSoft Portfolio Plugin bws_menu.php bws_add_menu_render cross site scripting | Portfolio Plugin | CWE-79 | 3.5 | Low | 2023-12-26 |
| CVE-2012-10017 | BestWebSoft Portfolio Plugin cross-site request forgery | Portfolio Plugin | CWE-352 | 4.3 | Medium | 2023-12-26 |
| CVE-2023-29096 | WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.0 is vulnerable to SQL Injection | Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | CWE-89 | 8.5 | High | 2023-12-20 |
| CVE-2023-36527 | WordPress Post to CSV by BestWebSoft Plugin <= 1.4.0 is vulnerable to CSV Injection | Post to CSV by BestWebSoft | CWE-1236 | 4.7 | Medium | 2023-11-07 |
| CVE-2023-36508 | WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.1 is vulnerable to SQL Injection | Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress | CWE-89 | 7.6 | High | 2023-10-31 |
| CVE-2023-4469 | Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure | Profile Extra Fields by BestWebSoft | CWE-862 | 5.3 | Medium | 2023-10-06 |
| CVE-2023-28778 | WordPress Pagination by BestWebSoft Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS) | Pagination | CWE-79 | 5.9 | Medium | 2023-06-22 |
| CVE-2014-125103 | BestWebSoft Twitter Plugin twitter.php twttr_settings_page cross site scripting | Twitter Plugin | CWE-79 | 2.4 | Low | 2023-05-31 |
| CVE-2012-10015 | BestWebSoft Twitter Plugin Settings Page twitter.php twttr_settings_page cross-site request forgery | Twitter Plugin | CWE-352 | 4.3 | Medium | 2023-05-30 |
| CVE-2014-125102 | Bestwebsoft Relevant Plugin Thumbnail information disclosure | Relevant Plugin | CWE-200 | 4.3 | Medium | 2023-05-29 |
| CVE-2014-125100 | BestWebSoft Job Board Plugin cross site scripting | Job Board Plugin | CWE-79 | 3.5 | Low | 2023-05-02 |
| CVE-2022-44734 | WordPress Car Rental by BestWebSoft Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) | Car Rental by BestWebSoft | CWE-79 | 4.8 | Medium | 2023-04-16 |
| CVE-2014-125097 | BestWebSoft Facebook Like Button facebook-button-plugin.php fcbkbttn_settings_page cross site scripting | Facebook Like Button | CWE-79 | 3.5 | Low | 2023-04-10 |
| CVE-2012-10012 | BestWebSoft Facebook Like Button facebook-button-plugin.php fcbk_bttn_plgn_settings_page cross-site request forgery | Facebook Like Button | CWE-352 | 4.3 | Medium | 2023-04-09 |
| CVE-2014-125095 | BestWebSoft Contact Form Plugin bws_menu.php bws_add_menu_render cross site scripting | Contact Form Plugin | CWE-79 | 3.5 | Low | 2023-04-09 |
| CVE-2012-10010 | BestWebSoft Contact Form contact_form.php cntctfrm_settings_page cross-site request forgery | Contact Form | CWE-352 | 4.3 | Medium | 2023-04-09 |
| CVE-2013-10022 | BestWebSoft Contact Form Plugin contact_form.php cntctfrm_check_form cross site scripting | Contact Form Plugin | CWE-79 | 3.5 | Low | 2023-04-05 |
| CVE-2017-20055 | BestWebSoft Contact Form Plugin Stored cross site scripting | Contact Form Plugin | CWE-80 | 3.5 | Low | 2022-06-16 |
| CVE-2017-2171 | Cross-site scripting vulnerability in multiple WordPress plugins | Captcha | - | 6.1 | - | 2017-05-22 |

This page lists every published CVE security advisory associated with Bestwebsoft. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.