Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

bestweblayout — Vulnerabilities & Security Advisories 7

Browse all 7 CVE security advisories affecting bestweblayout. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Bestweblayout is a web layout framework primarily used for creating responsive website interfaces. Historically, it has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, contributing to its 7 recorded CVEs. The framework's security characteristics include insufficient input validation and insecure default configurations. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests potential risks for implementations lacking proper hardening. Organizations using bestweblayout should prioritize applying security patches and implementing additional safeguards to mitigate exploitation risks.

Top products by bestweblayout: Realty by BestWebSoft SMTP by BestWebSoft Slider by BestWebSoft Rating by BestWebSoft Portfolio Job Board by BestWebSoft Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and Widgets
CVE IDTitleCVSSSeverityPublished
CVE-2026-3618 Columns by BestWebSoft <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'columns' Shortcode 'id' Attribute — Columns by BestWebSoft – Additional Columns Plugin for Posts Pages and WidgetsCWE-79 6.4 Medium2026-04-08
CVE-2025-13383 Job Board by BestWebSoft <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage — Job Board by BestWebSoftCWE-79 6.1 Medium2025-11-25
CVE-2025-58245 WordPress Portfolio Plugin <= 2.58 - Cross Site Scripting (XSS) Vulnerability — PortfolioCWE-79 5.9 Medium2025-09-22
CVE-2025-39527 WordPress Rating by BestWebSoft plugin <= 1.7 - PHP Object Injection Vulnerability — Rating by BestWebSoftCWE-502 8.8 High2025-04-17
CVE-2025-31099 WordPress Slider by BestWebSoft plugin <= 1.1.0 - SQL Injection Vulnerability — Slider by BestWebSoftCWE-89 7.6 High2025-03-28
CVE-2024-13908 SMTP by BestWebSoft <= 1.1.9 - Authenticated (Administrator+) Arbitrary File Upload — SMTP by BestWebSoftCWE-434 7.2 High2025-03-08
CVE-2024-51786 WordPress Realty by BestWebSoft plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability — Realty by BestWebSoftCWE-79 6.5 Medium2024-11-09

This page lists every published CVE security advisory associated with bestweblayout. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.