2 matches found
CVE-2017-18502
CVE-2017-18502 affects the WordPress subscriber plugin prior to version 1.3.5. The issue is multiple XSS vulnerabilities in the subscriber plugin, enabling an authenticated attacker to execute arbitrary JavaScript in victims’ browsers (potential cookie/credentials risk) as described in connected ...
CVE-2017-2171
CVE-2017-2171 detail: A cross-site scripting vulnerability affects BestWebSoft WordPress plugins that display the BestWebSoft menu. The issue arises from a common function used to render the menu (CWE-79), enabling remote attackers to execute arbitrary script in a logged-in user’s browser. Affect...