2 matches found
CVE-2017-18494
The CVE-2017-18494 issue affects the WordPress plugin custom-search-plugin prior to version 1.36 (BestWebSoft). The connected Nuclei template and related records confirm multiple XSS vulnerabilities in this plugin, enabling an attacker (with no special privileges) to inject and execute arbitrary ...
CVE-2017-2171
CVE-2017-2171 detail: A cross-site scripting vulnerability affects BestWebSoft WordPress plugins that display the BestWebSoft menu. The issue arises from a common function used to render the menu (CWE-79), enabling remote attackers to execute arbitrary script in a logged-in user’s browser. Affect...