bestweblayout 厂商漏洞列表 / CVE 中文分析 7

bestweblayout 厂商相关 7 条 CVE 漏洞，含 AI 中文分析、POC、CVSS 评分与受影响产品。

该厂商专注于提供网页布局解决方案，帮助开发者构建响应式网站界面。历史上，其产品多次暴露跨站脚本(XSS)和远程代码执行(RCE)漏洞，主要源于输入验证不足和组件安全缺陷。截至最新统计，已记录7条CVE漏洞，多数涉及未经验证的用户输入处理。安全团队建议实施严格的输入过滤和输出编码，并定期更新组件以防范已知漏洞。

上位製品 bestweblayout: Realty by BestWebSoft SMTP by BestWebSoft Slider by BestWebSoft Rating by BestWebSoft Portfolio Job Board by BestWebSoft Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets

CVEs 7

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2026-3618	Columns by BestWebSoft <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute — Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and WidgetsCWE-79	6.4	Medium	2026-04-08
CVE-2025-13383	Job Board by BestWebSoft <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage — Job Board by BestWebSoftCWE-79	6.1	Medium	2025-11-25
CVE-2025-58245	WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability — PortfolioCWE-79	5.9	Medium	2025-09-22
CVE-2025-39527	WordPress Rating by BestWebSoft plugin <= 1.7 - PHP Object Injection Vulnerability — Rating by BestWebSoftCWE-502	8.8	High	2025-04-17
CVE-2025-31099	WordPress Slider by BestWebSoft plugin <= 1.1.0 - SQL Injection Vulnerability — Slider by BestWebSoftCWE-89	7.6	High	2025-03-28
CVE-2024-13908	SMTP by BestWebSoft <= 1.1.9 - Authenticated (Administrator+) Arbitrary File Upload — SMTP by BestWebSoftCWE-434	7.2	High	2025-03-08
CVE-2024-51786	WordPress Realty by BestWebSoft plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability — Realty by BestWebSoftCWE-79	6.5	Medium	2024-11-09

本页汇总了 bestweblayout 厂商截至目前公开的全部 7 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接，并附带 AI 生成的中文分析以便快速判断风险。

目標達成 すべての支援者に感謝 — 100%達成しました！

bestweblayout 厂商漏洞列表 / CVE 中文分析 7

目標達成すべての支援者に感謝 — 100%達成しました！