2 matches found
CVE-2017-18558
CVE-2017-18558 affects the WordPress plugin bws-testimonials, version before 0.1.9. The connected Nuclei/WPVuln/Red Hat et al. entries confirm multiple XSS flaws in this plugin, caused by inadequate input/output sanitization, enabling authenticated attackers to inject and execute arbitrary JavaSc...
CVE-2017-2171
CVE-2017-2171 detail: A cross-site scripting vulnerability affects BestWebSoft WordPress plugins that display the BestWebSoft menu. The issue arises from a common function used to render the menu (CWE-79), enabling remote attackers to execute arbitrary script in a logged-in user’s browser. Affect...