CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18527 – Pagination by BestWebSoft <= 1.0.6 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18527
The pagination plugin before 1.0.7 for WordPress has multiple XSS issues. El plugin de paginación anterior a 1.0.7 para WordPress tiene múltiples problemas XSS. The Pagination by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/pagination/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18491 – Advanced Contact Us Form Builder for WordPress <= 4.0.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18491
The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. El complemento contact-form-plugin anterior de 4.0.6 para WordPress tiene múltiples problemas XSS. The Advanced Contact Us Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick the user into performing an action such as clicking on a link. • https://wordpress.org/plugins/contact-form-plugin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18501 – Social Login by BestWebSoft <= 0.1 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18501
The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. El plugin social-login-bws antes de la versión 0.2 para WordPress tiene múltiples problemas XSS. The Social Login by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/social-login-bws/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18517 – BestWebSoft's Pinterest <= 1.0.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18517
The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. El plugin bws-pinterest anterior a 1.0.5 para WordPress tiene múltiples problemas XSS The BestWebSoft's Pinterest plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link. • https://wordpress.org/plugins/bws-pinterest/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18557 – Maps by BestWebSoft <= 1.3.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18557
The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues. El plugin bws-google-maps antes de 1.3.6 para WordPress tiene múltiples problemas XSS. The Maps by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link. • https://wordpress.org/plugins/bws-google-maps/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •