2 matches found
CVE-2017-18516
CVE-2017-18516 affects the WordPress plugin bws-linkedin prior to version 1.0.5. The vulnerability is described as multiple XSS issues in the plugin, allowing authenticated attackers to execute arbitrary JavaScript in victims’ browsers, potentially stealing session cookies, credentials, or acting...
CVE-2017-2171
CVE-2017-2171 detail: A cross-site scripting vulnerability affects BestWebSoft WordPress plugins that display the BestWebSoft menu. The issue arises from a common function used to render the menu (CWE-79), enabling remote attackers to execute arbitrary script in a logged-in user’s browser. Affect...