Search
Find a vulnerability
Search criteria
8 vulnerabilities found for Gallery by BestWebSoft
CVE-2026-57642 (GCVE-0-2026-57642)
Vulnerability from nvd – Published: 2026-06-26 14:53 – Updated: 2026-06-29 15:54
VLAI
Title
WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability
Summary
Contributor SQL Injection in Gallery <= 4.7.8 versions.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bestwebsoft | Gallery |
Affected:
n/a , ≤ 4.7.8
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T15:54:02.472760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T15:54:11.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "gallery-plugin",
"product": "Gallery",
"vendor": "bestwebsoft",
"versions": [
{
"changes": [
{
"at": "4.7.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.7.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "dodoh4t | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Contributor SQL Injection in Gallery \u003c= 4.7.8 versions."
}
],
"value": "Contributor SQL Injection in Gallery \u003c= 4.7.8 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T14:53:16.363Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/gallery-plugin/vulnerability/wordpress-gallery-plugin-4-7-8-sql-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Gallery Plugin to the latest available version (at least 4.7.9)."
}
],
"value": "Update the WordPress Gallery Plugin to the latest available version (at least 4.7.9)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Gallery plugin \u003c= 4.7.8 - SQL Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-57642",
"datePublished": "2026-06-26T14:53:16.363Z",
"dateReserved": "2026-06-25T08:03:17.055Z",
"dateUpdated": "2026-06-29T15:54:11.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0765 (GCVE-0-2023-0765)
Vulnerability from nvd – Published: 2023-04-17 12:17 – Updated: 2025-03-05 18:54
VLAI
Title
Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection
Summary
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 SQL Injection
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/2699cefa-1cae-4e… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Gallery by BestWebSoft |
Affected:
0 , < 4.7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0765",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:54:35.579760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:54:54.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Gallery by BestWebSoft",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dc11"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor\u0027s Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T12:17:39.159Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Gallery by BestWebSoft \u003c 4.7.0 - Author+ SQL Injection",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-0765",
"datePublished": "2023-04-17T12:17:39.159Z",
"dateReserved": "2023-02-09T16:53:54.532Z",
"dateUpdated": "2025-03-05T18:54:54.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0764 (GCVE-0-2023-0764)
Vulnerability from nvd – Published: 2023-04-17 12:17 – Updated: 2025-02-06 16:43
VLAI
Title
Gallery by BestWebSoft < 4.7.0 - Author+ Stored Cross-Site Scripting
Summary
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/d48c6c50-3734-41… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Gallery by BestWebSoft |
Affected:
0 , < 4.7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d48c6c50-3734-4191-9833-0d9b09b1bd8a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0764",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:42:40.828418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:43:09.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Gallery by BestWebSoft",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dc11"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T12:17:37.533Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/d48c6c50-3734-4191-9833-0d9b09b1bd8a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Gallery by BestWebSoft \u003c 4.7.0 - Author+ Stored Cross-Site Scripting",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-0764",
"datePublished": "2023-04-17T12:17:37.533Z",
"dateReserved": "2023-02-09T16:53:44.812Z",
"dateUpdated": "2025-02-06T16:43:09.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2171 (GCVE-0-2017-2171)
Vulnerability from nvd – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF & Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7. PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094 | third-party-advisoryx_refsource_JVNDB |
| https://jvn.jp/en/jp/JVN24834813/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
51 products
| Vendor | Product | Version | |
|---|---|---|---|
| BestWebSoft | Captcha |
Affected:
prior to version 4.3.0
|
|
| BestWebSoft | Car Rental |
Affected:
prior to version 1.0.5
|
|
| BestWebSoft | Contact Form Multi |
Affected:
prior to version 1.2.1
|
|
| BestWebSoft | Contact Form |
Affected:
prior to version 4.0.6
|
|
| BestWebSoft | Contact Form to DB |
Affected:
prior to version 1.5.7
|
|
| BestWebSoft | Custom Admin Page |
Affected:
prior to version 0.1.2
|
|
| BestWebSoft | Custom Fields Search |
Affected:
prior to version 1.3.2
|
|
| BestWebSoft | Custom Search |
Affected:
prior to version 1.36
|
|
| BestWebSoft | Donate |
Affected:
prior to version 2.1.1
|
|
| BestWebSoft | Email Queue |
Affected:
prior to version 1.1.2
|
|
| BestWebSoft | Error Log Viewer |
Affected:
prior to version 1.0.6
|
|
| BestWebSoft | Facebook Button |
Affected:
prior to version 2.54
|
|
| BestWebSoft | Featured Posts |
Affected:
prior to version 1.0.1
|
|
| BestWebSoft | Gallery Categories |
Affected:
prior to version 1.0.9
|
|
| BestWebSoft | Gallery |
Affected:
prior to version 4.5.0
|
|
| BestWebSoft | Google +1 |
Affected:
prior to version 1.3.4
|
|
| BestWebSoft | Google AdSense |
Affected:
prior to version 1.44
|
|
| BestWebSoft | Google Analytics |
Affected:
prior to version 1.7.1
|
|
| BestWebSoft | Google Captcha (reCAPTCHA) |
Affected:
prior to version 1.28
|
|
| BestWebSoft | Google Maps |
Affected:
prior to version 1.3.6
|
|
| BestWebSoft | Google Shortlink |
Affected:
prior to version 1.5.3
|
|
| BestWebSoft | Google Sitemap |
Affected:
prior to version 3.0.8
|
|
| BestWebSoft | Htaccess |
Affected:
prior to version 1.7.6
|
|
| BestWebSoft | Job Board |
Affected:
prior to version 1.1.3
|
|
| BestWebSoft | Latest Posts |
Affected:
prior to version 0.3
|
|
| BestWebSoft | Limit Attempts |
Affected:
prior to version 1.1.8
|
|
| BestWebSoft |
Affected:
prior to version 1.0.5
|
||
| BestWebSoft | Multilanguage |
Affected:
prior to version 1.2.2
|
|
| BestWebSoft | PDF & Print |
Affected:
prior to version 1.9.4
|
|
| BestWebSoft | Pagination |
Affected:
prior to version 1.0.7
|
|
| BestWebSoft |
Affected:
prior to version 1.0.5
|
||
| BestWebSoft | Popular Posts |
Affected:
prior to version 1.0.5
|
|
| BestWebSoft | Portfolio |
Affected:
prior to version 2.4
|
|
| BestWebSoft | Post to CSV |
Affected:
prior to version 1.3.1
|
|
| BestWebSoft | Profile Extra |
Affected:
prior to version 1.0.7
|
|
| BestWebSoft | PromoBar |
Affected:
prior to version 1.1.1
|
|
| BestWebSoft | Quotes and Tips |
Affected:
prior to version 1.32
|
|
| BestWebSoft | Re-attacher |
Affected:
prior to version 1.0.9
|
|
| BestWebSoft | Realty |
Affected:
prior to version 1.1.0
|
|
| BestWebSoft | Relevant - Related Posts |
Affected:
prior to version 1.2.0
|
|
| BestWebSoft | Sender |
Affected:
prior to version 1.2.1
|
|
| BestWebSoft | SMTP |
Affected:
prior to version 1.1.0
|
|
| BestWebSoft | Social Buttons Pack |
Affected:
prior to version 1.1.1
|
|
| BestWebSoft | Subscriber |
Affected:
prior to version 1.3.5
|
|
| BestWebSoft | Testimonials |
Affected:
prior to version 0.1.9
|
|
| BestWebSoft | Timesheet |
Affected:
prior to version 0.1.5
|
|
| BestWebSoft | Twitter Button |
Affected:
prior to version 2.55
|
|
| BestWebSoft | User Role |
Affected:
prior to version 1.5.6
|
|
| BestWebSoft | Updater |
Affected:
prior to version 1.35
|
|
| BestWebSoft | Visitors Online |
Affected:
prior to version 1.0.0
|
|
| BestWebSoft | Zendesk Help Center |
Affected:
prior to version 1.0.5
|
Date Public
2017-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2017-000094",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094"
},
{
"name": "JVN#24834813",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN24834813/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Captcha",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 4.3.0"
}
]
},
{
"product": "Car Rental",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.5"
}
]
},
{
"product": "Contact Form Multi",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.2.1"
}
]
},
{
"product": "Contact Form",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 4.0.6"
}
]
},
{
"product": "Contact Form to DB",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.5.7"
}
]
},
{
"product": "Custom Admin Page",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 0.1.2"
}
]
},
{
"product": "Custom Fields Search",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.3.2"
}
]
},
{
"product": "Custom Search",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.36"
}
]
},
{
"product": "Donate",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.1"
}
]
},
{
"product": "Email Queue",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.2"
}
]
},
{
"product": "Error Log Viewer",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.6"
}
]
},
{
"product": "Facebook Button",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 2.54"
}
]
},
{
"product": "Featured Posts",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.1"
}
]
},
{
"product": "Gallery Categories",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.9"
}
]
},
{
"product": "Gallery",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 4.5.0"
}
]
},
{
"product": "Google +1",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.3.4"
}
]
},
{
"product": "Google AdSense",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.44"
}
]
},
{
"product": "Google Analytics",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.7.1"
}
]
},
{
"product": "Google Captcha (reCAPTCHA)",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.28"
}
]
},
{
"product": "Google Maps",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.3.6"
}
]
},
{
"product": "Google Shortlink",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.5.3"
}
]
},
{
"product": "Google Sitemap",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 3.0.8"
}
]
},
{
"product": "Htaccess",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.7.6"
}
]
},
{
"product": "Job Board",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.3"
}
]
},
{
"product": "Latest Posts",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 0.3"
}
]
},
{
"product": "Limit Attempts",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.8"
}
]
},
{
"product": "LinkedIn",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.5"
}
]
},
{
"product": "Multilanguage",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.2.2"
}
]
},
{
"product": "PDF \u0026 Print",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.9.4"
}
]
},
{
"product": "Pagination",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.7"
}
]
},
{
"product": "Pinterest",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.5"
}
]
},
{
"product": "Popular Posts",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.5"
}
]
},
{
"product": "Portfolio",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 2.4"
}
]
},
{
"product": "Post to CSV",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.3.1"
}
]
},
{
"product": "Profile Extra",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.7"
}
]
},
{
"product": "PromoBar",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.1"
}
]
},
{
"product": "Quotes and Tips",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.32"
}
]
},
{
"product": "Re-attacher",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.9"
}
]
},
{
"product": "Realty",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.0"
}
]
},
{
"product": "Relevant - Related Posts",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.2.0"
}
]
},
{
"product": "Sender",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.2.1"
}
]
},
{
"product": "SMTP",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.0"
}
]
},
{
"product": "Social Buttons Pack",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.1"
}
]
},
{
"product": "Subscriber",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.3.5"
}
]
},
{
"product": "Testimonials",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 0.1.9"
}
]
},
{
"product": "Timesheet",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 0.1.5"
}
]
},
{
"product": "Twitter Button",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 2.55"
}
]
},
{
"product": "User Role",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.5.6"
}
]
},
{
"product": "Updater",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.35"
}
]
},
{
"product": "Visitors Online",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.0"
}
]
},
{
"product": "Zendesk Help Center",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.5"
}
]
}
],
"datePublic": "2017-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF \u0026 Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7. PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2017-000094",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094"
},
{
"name": "JVN#24834813",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN24834813/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Captcha",
"version": {
"version_data": [
{
"version_value": "prior to version 4.3.0"
}
]
}
},
{
"product_name": "Car Rental",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.5"
}
]
}
},
{
"product_name": "Contact Form Multi",
"version": {
"version_data": [
{
"version_value": "prior to version 1.2.1"
}
]
}
},
{
"product_name": "Contact Form",
"version": {
"version_data": [
{
"version_value": "prior to version 4.0.6"
}
]
}
},
{
"product_name": "Contact Form to DB",
"version": {
"version_data": [
{
"version_value": "prior to version 1.5.7"
}
]
}
},
{
"product_name": "Custom Admin Page",
"version": {
"version_data": [
{
"version_value": "prior to version 0.1.2"
}
]
}
},
{
"product_name": "Custom Fields Search",
"version": {
"version_data": [
{
"version_value": "prior to version 1.3.2"
}
]
}
},
{
"product_name": "Custom Search",
"version": {
"version_data": [
{
"version_value": "prior to version 1.36"
}
]
}
},
{
"product_name": "Donate",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.1"
}
]
}
},
{
"product_name": "Email Queue",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.2"
}
]
}
},
{
"product_name": "Error Log Viewer",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.6"
}
]
}
},
{
"product_name": "Facebook Button",
"version": {
"version_data": [
{
"version_value": "prior to version 2.54"
}
]
}
},
{
"product_name": "Featured Posts",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.1"
}
]
}
},
{
"product_name": "Gallery Categories",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.9"
}
]
}
},
{
"product_name": "Gallery",
"version": {
"version_data": [
{
"version_value": "prior to version 4.5.0"
}
]
}
},
{
"product_name": "Google +1",
"version": {
"version_data": [
{
"version_value": "prior to version 1.3.4"
}
]
}
},
{
"product_name": "Google AdSense",
"version": {
"version_data": [
{
"version_value": "prior to version 1.44"
}
]
}
},
{
"product_name": "Google Analytics",
"version": {
"version_data": [
{
"version_value": "prior to version 1.7.1"
}
]
}
},
{
"product_name": "Google Captcha (reCAPTCHA)",
"version": {
"version_data": [
{
"version_value": "prior to version 1.28"
}
]
}
},
{
"product_name": "Google Maps",
"version": {
"version_data": [
{
"version_value": "prior to version 1.3.6"
}
]
}
},
{
"product_name": "Google Shortlink",
"version": {
"version_data": [
{
"version_value": "prior to version 1.5.3"
}
]
}
},
{
"product_name": "Google Sitemap",
"version": {
"version_data": [
{
"version_value": "prior to version 3.0.8"
}
]
}
},
{
"product_name": "Htaccess",
"version": {
"version_data": [
{
"version_value": "prior to version 1.7.6"
}
]
}
},
{
"product_name": "Job Board",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.3"
}
]
}
},
{
"product_name": "Latest Posts",
"version": {
"version_data": [
{
"version_value": "prior to version 0.3"
}
]
}
},
{
"product_name": "Limit Attempts",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.8"
}
]
}
},
{
"product_name": "LinkedIn",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.5"
}
]
}
},
{
"product_name": "Multilanguage",
"version": {
"version_data": [
{
"version_value": "prior to version 1.2.2"
}
]
}
},
{
"product_name": "PDF \u0026 Print",
"version": {
"version_data": [
{
"version_value": "prior to version 1.9.4"
}
]
}
},
{
"product_name": "Pagination",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.7"
}
]
}
},
{
"product_name": "Pinterest",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.5"
}
]
}
},
{
"product_name": "Popular Posts",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.5"
}
]
}
},
{
"product_name": "Portfolio",
"version": {
"version_data": [
{
"version_value": "prior to version 2.4"
}
]
}
},
{
"product_name": "Post to CSV",
"version": {
"version_data": [
{
"version_value": "prior to version 1.3.1"
}
]
}
},
{
"product_name": "Profile Extra",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.7"
}
]
}
},
{
"product_name": "PromoBar",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.1"
}
]
}
},
{
"product_name": "Quotes and Tips",
"version": {
"version_data": [
{
"version_value": "prior to version 1.32"
}
]
}
},
{
"product_name": "Re-attacher",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.9"
}
]
}
},
{
"product_name": "Realty",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.0"
}
]
}
},
{
"product_name": "Relevant - Related Posts",
"version": {
"version_data": [
{
"version_value": "prior to version 1.2.0"
}
]
}
},
{
"product_name": "Sender",
"version": {
"version_data": [
{
"version_value": "prior to version 1.2.1"
}
]
}
},
{
"product_name": "SMTP",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.0"
}
]
}
},
{
"product_name": "Social Buttons Pack",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.1"
}
]
}
},
{
"product_name": "Subscriber",
"version": {
"version_data": [
{
"version_value": "prior to version 1.3.5"
}
]
}
},
{
"product_name": "Testimonials",
"version": {
"version_data": [
{
"version_value": "prior to version 0.1.9"
}
]
}
},
{
"product_name": "Timesheet",
"version": {
"version_data": [
{
"version_value": "prior to version 0.1.5"
}
]
}
},
{
"product_name": "Twitter Button",
"version": {
"version_data": [
{
"version_value": "prior to version 2.55"
}
]
}
},
{
"product_name": "User Role",
"version": {
"version_data": [
{
"version_value": "prior to version 1.5.6"
}
]
}
},
{
"product_name": "Updater",
"version": {
"version_data": [
{
"version_value": "prior to version 1.35"
}
]
}
},
{
"product_name": "Visitors Online",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.0"
}
]
}
},
{
"product_name": "Zendesk Help Center",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.5"
}
]
}
}
]
},
"vendor_name": "BestWebSoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF \u0026 Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7. PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2017-000094",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094"
},
{
"name": "JVN#24834813",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN24834813/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2171",
"datePublished": "2017-05-22T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-57642 (GCVE-0-2026-57642)
Vulnerability from cvelistv5 – Published: 2026-06-26 14:53 – Updated: 2026-06-29 15:54
VLAI
Title
WordPress Gallery plugin <= 4.7.8 - SQL Injection vulnerability
Summary
Contributor SQL Injection in Gallery <= 4.7.8 versions.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bestwebsoft | Gallery |
Affected:
n/a , ≤ 4.7.8
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T15:54:02.472760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T15:54:11.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "gallery-plugin",
"product": "Gallery",
"vendor": "bestwebsoft",
"versions": [
{
"changes": [
{
"at": "4.7.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.7.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "dodoh4t | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Contributor SQL Injection in Gallery \u003c= 4.7.8 versions."
}
],
"value": "Contributor SQL Injection in Gallery \u003c= 4.7.8 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T14:53:16.363Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/gallery-plugin/vulnerability/wordpress-gallery-plugin-4-7-8-sql-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Gallery Plugin to the latest available version (at least 4.7.9)."
}
],
"value": "Update the WordPress Gallery Plugin to the latest available version (at least 4.7.9)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Gallery plugin \u003c= 4.7.8 - SQL Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-57642",
"datePublished": "2026-06-26T14:53:16.363Z",
"dateReserved": "2026-06-25T08:03:17.055Z",
"dateUpdated": "2026-06-29T15:54:11.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0765 (GCVE-0-2023-0765)
Vulnerability from cvelistv5 – Published: 2023-04-17 12:17 – Updated: 2025-03-05 18:54
VLAI
Title
Gallery by BestWebSoft < 4.7.0 - Author+ SQL Injection
Summary
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 SQL Injection
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/2699cefa-1cae-4e… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Gallery by BestWebSoft |
Affected:
0 , < 4.7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0765",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:54:35.579760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:54:54.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Gallery by BestWebSoft",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dc11"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor\u0027s Slider plugin (https://wordpress.org/plugins/slider-bws/) must also be installed for this vulnerability to be exploitable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T12:17:39.159Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/2699cefa-1cae-4ef3-ad81-7f3db3fcce25"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Gallery by BestWebSoft \u003c 4.7.0 - Author+ SQL Injection",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-0765",
"datePublished": "2023-04-17T12:17:39.159Z",
"dateReserved": "2023-02-09T16:53:54.532Z",
"dateUpdated": "2025-03-05T18:54:54.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0764 (GCVE-0-2023-0764)
Vulnerability from cvelistv5 – Published: 2023-04-17 12:17 – Updated: 2025-02-06 16:43
VLAI
Title
Gallery by BestWebSoft < 4.7.0 - Author+ Stored Cross-Site Scripting
Summary
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/d48c6c50-3734-41… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Gallery by BestWebSoft |
Affected:
0 , < 4.7.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/d48c6c50-3734-4191-9833-0d9b09b1bd8a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0764",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:42:40.828418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:43:09.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Gallery by BestWebSoft",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.7.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "dc11"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T12:17:37.533Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/d48c6c50-3734-4191-9833-0d9b09b1bd8a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Gallery by BestWebSoft \u003c 4.7.0 - Author+ Stored Cross-Site Scripting",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-0764",
"datePublished": "2023-04-17T12:17:37.533Z",
"dateReserved": "2023-02-09T16:53:44.812Z",
"dateUpdated": "2025-02-06T16:43:09.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2171 (GCVE-0-2017-2171)
Vulnerability from cvelistv5 – Published: 2017-05-22 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF & Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7. PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094 | third-party-advisoryx_refsource_JVNDB |
| https://jvn.jp/en/jp/JVN24834813/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
51 products
| Vendor | Product | Version | |
|---|---|---|---|
| BestWebSoft | Captcha |
Affected:
prior to version 4.3.0
|
|
| BestWebSoft | Car Rental |
Affected:
prior to version 1.0.5
|
|
| BestWebSoft | Contact Form Multi |
Affected:
prior to version 1.2.1
|
|
| BestWebSoft | Contact Form |
Affected:
prior to version 4.0.6
|
|
| BestWebSoft | Contact Form to DB |
Affected:
prior to version 1.5.7
|
|
| BestWebSoft | Custom Admin Page |
Affected:
prior to version 0.1.2
|
|
| BestWebSoft | Custom Fields Search |
Affected:
prior to version 1.3.2
|
|
| BestWebSoft | Custom Search |
Affected:
prior to version 1.36
|
|
| BestWebSoft | Donate |
Affected:
prior to version 2.1.1
|
|
| BestWebSoft | Email Queue |
Affected:
prior to version 1.1.2
|
|
| BestWebSoft | Error Log Viewer |
Affected:
prior to version 1.0.6
|
|
| BestWebSoft | Facebook Button |
Affected:
prior to version 2.54
|
|
| BestWebSoft | Featured Posts |
Affected:
prior to version 1.0.1
|
|
| BestWebSoft | Gallery Categories |
Affected:
prior to version 1.0.9
|
|
| BestWebSoft | Gallery |
Affected:
prior to version 4.5.0
|
|
| BestWebSoft | Google +1 |
Affected:
prior to version 1.3.4
|
|
| BestWebSoft | Google AdSense |
Affected:
prior to version 1.44
|
|
| BestWebSoft | Google Analytics |
Affected:
prior to version 1.7.1
|
|
| BestWebSoft | Google Captcha (reCAPTCHA) |
Affected:
prior to version 1.28
|
|
| BestWebSoft | Google Maps |
Affected:
prior to version 1.3.6
|
|
| BestWebSoft | Google Shortlink |
Affected:
prior to version 1.5.3
|
|
| BestWebSoft | Google Sitemap |
Affected:
prior to version 3.0.8
|
|
| BestWebSoft | Htaccess |
Affected:
prior to version 1.7.6
|
|
| BestWebSoft | Job Board |
Affected:
prior to version 1.1.3
|
|
| BestWebSoft | Latest Posts |
Affected:
prior to version 0.3
|
|
| BestWebSoft | Limit Attempts |
Affected:
prior to version 1.1.8
|
|
| BestWebSoft |
Affected:
prior to version 1.0.5
|
||
| BestWebSoft | Multilanguage |
Affected:
prior to version 1.2.2
|
|
| BestWebSoft | PDF & Print |
Affected:
prior to version 1.9.4
|
|
| BestWebSoft | Pagination |
Affected:
prior to version 1.0.7
|
|
| BestWebSoft |
Affected:
prior to version 1.0.5
|
||
| BestWebSoft | Popular Posts |
Affected:
prior to version 1.0.5
|
|
| BestWebSoft | Portfolio |
Affected:
prior to version 2.4
|
|
| BestWebSoft | Post to CSV |
Affected:
prior to version 1.3.1
|
|
| BestWebSoft | Profile Extra |
Affected:
prior to version 1.0.7
|
|
| BestWebSoft | PromoBar |
Affected:
prior to version 1.1.1
|
|
| BestWebSoft | Quotes and Tips |
Affected:
prior to version 1.32
|
|
| BestWebSoft | Re-attacher |
Affected:
prior to version 1.0.9
|
|
| BestWebSoft | Realty |
Affected:
prior to version 1.1.0
|
|
| BestWebSoft | Relevant - Related Posts |
Affected:
prior to version 1.2.0
|
|
| BestWebSoft | Sender |
Affected:
prior to version 1.2.1
|
|
| BestWebSoft | SMTP |
Affected:
prior to version 1.1.0
|
|
| BestWebSoft | Social Buttons Pack |
Affected:
prior to version 1.1.1
|
|
| BestWebSoft | Subscriber |
Affected:
prior to version 1.3.5
|
|
| BestWebSoft | Testimonials |
Affected:
prior to version 0.1.9
|
|
| BestWebSoft | Timesheet |
Affected:
prior to version 0.1.5
|
|
| BestWebSoft | Twitter Button |
Affected:
prior to version 2.55
|
|
| BestWebSoft | User Role |
Affected:
prior to version 1.5.6
|
|
| BestWebSoft | Updater |
Affected:
prior to version 1.35
|
|
| BestWebSoft | Visitors Online |
Affected:
prior to version 1.0.0
|
|
| BestWebSoft | Zendesk Help Center |
Affected:
prior to version 1.0.5
|
Date Public
2017-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2017-000094",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094"
},
{
"name": "JVN#24834813",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN24834813/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Captcha",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 4.3.0"
}
]
},
{
"product": "Car Rental",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.5"
}
]
},
{
"product": "Contact Form Multi",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.2.1"
}
]
},
{
"product": "Contact Form",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 4.0.6"
}
]
},
{
"product": "Contact Form to DB",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.5.7"
}
]
},
{
"product": "Custom Admin Page",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 0.1.2"
}
]
},
{
"product": "Custom Fields Search",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.3.2"
}
]
},
{
"product": "Custom Search",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.36"
}
]
},
{
"product": "Donate",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 2.1.1"
}
]
},
{
"product": "Email Queue",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.2"
}
]
},
{
"product": "Error Log Viewer",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.6"
}
]
},
{
"product": "Facebook Button",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 2.54"
}
]
},
{
"product": "Featured Posts",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.1"
}
]
},
{
"product": "Gallery Categories",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.9"
}
]
},
{
"product": "Gallery",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 4.5.0"
}
]
},
{
"product": "Google +1",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.3.4"
}
]
},
{
"product": "Google AdSense",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.44"
}
]
},
{
"product": "Google Analytics",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.7.1"
}
]
},
{
"product": "Google Captcha (reCAPTCHA)",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.28"
}
]
},
{
"product": "Google Maps",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.3.6"
}
]
},
{
"product": "Google Shortlink",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.5.3"
}
]
},
{
"product": "Google Sitemap",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 3.0.8"
}
]
},
{
"product": "Htaccess",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.7.6"
}
]
},
{
"product": "Job Board",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.3"
}
]
},
{
"product": "Latest Posts",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 0.3"
}
]
},
{
"product": "Limit Attempts",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.8"
}
]
},
{
"product": "LinkedIn",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.5"
}
]
},
{
"product": "Multilanguage",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.2.2"
}
]
},
{
"product": "PDF \u0026 Print",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.9.4"
}
]
},
{
"product": "Pagination",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.7"
}
]
},
{
"product": "Pinterest",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.5"
}
]
},
{
"product": "Popular Posts",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.5"
}
]
},
{
"product": "Portfolio",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 2.4"
}
]
},
{
"product": "Post to CSV",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.3.1"
}
]
},
{
"product": "Profile Extra",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.7"
}
]
},
{
"product": "PromoBar",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.1"
}
]
},
{
"product": "Quotes and Tips",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.32"
}
]
},
{
"product": "Re-attacher",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.9"
}
]
},
{
"product": "Realty",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.0"
}
]
},
{
"product": "Relevant - Related Posts",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.2.0"
}
]
},
{
"product": "Sender",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.2.1"
}
]
},
{
"product": "SMTP",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.0"
}
]
},
{
"product": "Social Buttons Pack",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.1.1"
}
]
},
{
"product": "Subscriber",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.3.5"
}
]
},
{
"product": "Testimonials",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 0.1.9"
}
]
},
{
"product": "Timesheet",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 0.1.5"
}
]
},
{
"product": "Twitter Button",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 2.55"
}
]
},
{
"product": "User Role",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.5.6"
}
]
},
{
"product": "Updater",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.35"
}
]
},
{
"product": "Visitors Online",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.0"
}
]
},
{
"product": "Zendesk Help Center",
"vendor": "BestWebSoft",
"versions": [
{
"status": "affected",
"version": "prior to version 1.0.5"
}
]
}
],
"datePublic": "2017-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF \u0026 Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7. PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-22T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2017-000094",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094"
},
{
"name": "JVN#24834813",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN24834813/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Captcha",
"version": {
"version_data": [
{
"version_value": "prior to version 4.3.0"
}
]
}
},
{
"product_name": "Car Rental",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.5"
}
]
}
},
{
"product_name": "Contact Form Multi",
"version": {
"version_data": [
{
"version_value": "prior to version 1.2.1"
}
]
}
},
{
"product_name": "Contact Form",
"version": {
"version_data": [
{
"version_value": "prior to version 4.0.6"
}
]
}
},
{
"product_name": "Contact Form to DB",
"version": {
"version_data": [
{
"version_value": "prior to version 1.5.7"
}
]
}
},
{
"product_name": "Custom Admin Page",
"version": {
"version_data": [
{
"version_value": "prior to version 0.1.2"
}
]
}
},
{
"product_name": "Custom Fields Search",
"version": {
"version_data": [
{
"version_value": "prior to version 1.3.2"
}
]
}
},
{
"product_name": "Custom Search",
"version": {
"version_data": [
{
"version_value": "prior to version 1.36"
}
]
}
},
{
"product_name": "Donate",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.1"
}
]
}
},
{
"product_name": "Email Queue",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.2"
}
]
}
},
{
"product_name": "Error Log Viewer",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.6"
}
]
}
},
{
"product_name": "Facebook Button",
"version": {
"version_data": [
{
"version_value": "prior to version 2.54"
}
]
}
},
{
"product_name": "Featured Posts",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.1"
}
]
}
},
{
"product_name": "Gallery Categories",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.9"
}
]
}
},
{
"product_name": "Gallery",
"version": {
"version_data": [
{
"version_value": "prior to version 4.5.0"
}
]
}
},
{
"product_name": "Google +1",
"version": {
"version_data": [
{
"version_value": "prior to version 1.3.4"
}
]
}
},
{
"product_name": "Google AdSense",
"version": {
"version_data": [
{
"version_value": "prior to version 1.44"
}
]
}
},
{
"product_name": "Google Analytics",
"version": {
"version_data": [
{
"version_value": "prior to version 1.7.1"
}
]
}
},
{
"product_name": "Google Captcha (reCAPTCHA)",
"version": {
"version_data": [
{
"version_value": "prior to version 1.28"
}
]
}
},
{
"product_name": "Google Maps",
"version": {
"version_data": [
{
"version_value": "prior to version 1.3.6"
}
]
}
},
{
"product_name": "Google Shortlink",
"version": {
"version_data": [
{
"version_value": "prior to version 1.5.3"
}
]
}
},
{
"product_name": "Google Sitemap",
"version": {
"version_data": [
{
"version_value": "prior to version 3.0.8"
}
]
}
},
{
"product_name": "Htaccess",
"version": {
"version_data": [
{
"version_value": "prior to version 1.7.6"
}
]
}
},
{
"product_name": "Job Board",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.3"
}
]
}
},
{
"product_name": "Latest Posts",
"version": {
"version_data": [
{
"version_value": "prior to version 0.3"
}
]
}
},
{
"product_name": "Limit Attempts",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.8"
}
]
}
},
{
"product_name": "LinkedIn",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.5"
}
]
}
},
{
"product_name": "Multilanguage",
"version": {
"version_data": [
{
"version_value": "prior to version 1.2.2"
}
]
}
},
{
"product_name": "PDF \u0026 Print",
"version": {
"version_data": [
{
"version_value": "prior to version 1.9.4"
}
]
}
},
{
"product_name": "Pagination",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.7"
}
]
}
},
{
"product_name": "Pinterest",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.5"
}
]
}
},
{
"product_name": "Popular Posts",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.5"
}
]
}
},
{
"product_name": "Portfolio",
"version": {
"version_data": [
{
"version_value": "prior to version 2.4"
}
]
}
},
{
"product_name": "Post to CSV",
"version": {
"version_data": [
{
"version_value": "prior to version 1.3.1"
}
]
}
},
{
"product_name": "Profile Extra",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.7"
}
]
}
},
{
"product_name": "PromoBar",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.1"
}
]
}
},
{
"product_name": "Quotes and Tips",
"version": {
"version_data": [
{
"version_value": "prior to version 1.32"
}
]
}
},
{
"product_name": "Re-attacher",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.9"
}
]
}
},
{
"product_name": "Realty",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.0"
}
]
}
},
{
"product_name": "Relevant - Related Posts",
"version": {
"version_data": [
{
"version_value": "prior to version 1.2.0"
}
]
}
},
{
"product_name": "Sender",
"version": {
"version_data": [
{
"version_value": "prior to version 1.2.1"
}
]
}
},
{
"product_name": "SMTP",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.0"
}
]
}
},
{
"product_name": "Social Buttons Pack",
"version": {
"version_data": [
{
"version_value": "prior to version 1.1.1"
}
]
}
},
{
"product_name": "Subscriber",
"version": {
"version_data": [
{
"version_value": "prior to version 1.3.5"
}
]
}
},
{
"product_name": "Testimonials",
"version": {
"version_data": [
{
"version_value": "prior to version 0.1.9"
}
]
}
},
{
"product_name": "Timesheet",
"version": {
"version_data": [
{
"version_value": "prior to version 0.1.5"
}
]
}
},
{
"product_name": "Twitter Button",
"version": {
"version_data": [
{
"version_value": "prior to version 2.55"
}
]
}
},
{
"product_name": "User Role",
"version": {
"version_data": [
{
"version_value": "prior to version 1.5.6"
}
]
}
},
{
"product_name": "Updater",
"version": {
"version_data": [
{
"version_value": "prior to version 1.35"
}
]
}
},
{
"product_name": "Visitors Online",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.0"
}
]
}
},
{
"product_name": "Zendesk Help Center",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.5"
}
]
}
}
]
},
"vendor_name": "BestWebSoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF \u0026 Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7. PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2017-000094",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094"
},
{
"name": "JVN#24834813",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN24834813/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2171",
"datePublished": "2017-05-22T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}