3 matches found
CVE-2017-18566
The CVE-2017-18566 affects the WordPress plugin “user-role” by BestWebSoft, specifically versions before 1.5.6. The connected data confirms multiple XSS vulnerabilities (CWE-79) in this plugin, with practical impact: authenticated attackers can inject and execute arbitrary JavaScript in victims’ ...
CVE-2017-2171
CVE-2017-2171 detail: A cross-site scripting vulnerability affects BestWebSoft WordPress plugins that display the BestWebSoft menu. The issue arises from a common function used to render the menu (CWE-79), enabling remote attackers to execute arbitrary script in a logged-in user’s browser. Affect...
CVE-2023-0820
CVE-2023-0820 affects the WordPress plugin “User Role by BestWebSoft – Add and Customize Roles and Capabilities in WordPress” up to version 1.6.7. The issue is a CSRF vulnerability in requests that update role capabilities, allowing arbitrary privilege escalation for any user role. The impact is ...