2 matches found
CVE-2017-18505
The CVE-2017-18505 relates to BestWebSoft’s Twitter button WordPress plugin (versions before 2.55). The issue is a Cross-Site Scripting (XSS) vulnerability arising from insufficient validation of client-side data in the web app, enabling an authenticated attacker to inject and execute JavaScript ...
CVE-2017-2171
CVE-2017-2171 detail: A cross-site scripting vulnerability affects BestWebSoft WordPress plugins that display the BestWebSoft menu. The issue arises from a common function used to render the menu (CWE-79), enabling remote attackers to execute arbitrary script in a logged-in user’s browser. Affect...