Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BestWebSoft Limit Attempts by BestWebSoft allows Reflected XSS.This issue affects Limit Attempts by BestWebSoft: from n/a through 1.2.9.

The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag

A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability.

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.28 is able to address this issue. The name of the patch is d2ede580474665af56ff262a05783fbabe4529b8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248956.

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.0.

Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1.

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions.