2 matches found
CVE-2017-18556
The CVE pertains to the WordPress plugin bws-google-analytics (pre-1.7.1). The connected Nuclei template confirms multiple XSS flaws in the plugin before 1.7.1, enabling authenticated attackers to inject and execute arbitrary JavaScript in victims’ browsers (potential cookie/credentials leakage a...
CVE-2017-2171
CVE-2017-2171 detail: A cross-site scripting vulnerability affects BestWebSoft WordPress plugins that display the BestWebSoft menu. The issue arises from a common function used to render the menu (CWE-79), enabling remote attackers to execute arbitrary script in a logged-in user’s browser. Affect...