2 matches found
CVE-2017-18564
CVE-2017-18564 affects the WordPress plugin Sender (BestWebSoft) before 1.2.1. It describes multiple XSS flaws in the plugin, enabling authenticated users to inject JavaScript in victims’ browsers (CWE-79). The issue is network-accessible but requires user interaction; remediation is to update to...
CVE-2017-2171
CVE-2017-2171 detail: A cross-site scripting vulnerability affects BestWebSoft WordPress plugins that display the BestWebSoft menu. The issue arises from a common function used to render the menu (CWE-79), enabling remote attackers to execute arbitrary script in a logged-in user’s browser. Affect...