3 matches found
CVE-2024-13908
CVE-2024-13908 pertains to the WordPress plugin SMTP by BestWebSoft, where arbitrary file uploads are possible due to missing file type validation in the save_options function across versions up to 1.1.9. The vulnerability requires authenticated Administrator+-level access to exploit and may enab...
CVE-2017-18518
The CVE-2017-18518 entry concerns the WordPress plugin bws-smtp (BestWebSoft) before version 1.1.0 , which has multiple XSS vulnerabilities. The connected nuclei template confirms the vulnerability is a cross-site scripting issue affecting that plugin. The impact stated in the connected document ...
CVE-2017-2171
CVE-2017-2171 detail: A cross-site scripting vulnerability affects BestWebSoft WordPress plugins that display the BestWebSoft menu. The issue arises from a common function used to render the menu (CWE-79), enabling remote attackers to execute arbitrary script in a logged-in user’s browser. Affect...