CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2017-18505 – BestWebSoft's Twitter < 2.55 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18505
12 Apr 2017 — The twitter-plugin plugin before 2.55 for WordPress has XSS. El plugin twitter-plugin antes de la versión 2.55 para WordPress tiene XSS. The BestWebSoft's Twitter plugin before 2.55 for WordPress has XSS via several parameters. • https://wordpress.org/plugins/twitter-plugin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18557 – Maps by BestWebSoft <= 1.3.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18557
12 Apr 2017 — The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues. El plugin bws-google-maps antes de 1.3.6 para WordPress tiene múltiples problemas XSS. The Maps by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser grant... • https://wordpress.org/plugins/bws-google-maps/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18517 – BestWebSoft's Pinterest <= 1.0.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18517
12 Apr 2017 — The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. El plugin bws-pinterest anterior a 1.0.5 para WordPress tiene múltiples problemas XSS The BestWebSoft's Pinterest plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser gran... • https://wordpress.org/plugins/bws-pinterest/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18492 – Contact Form to DB <= 1.5.6 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18492
12 Apr 2017 — The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. El complemento contact-form-to-db anterior de 1.5.7 para WordPress tiene múltiples problemas XSS. The Contact Form to DB plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/contact-form-to-db/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18493 – Custom Admin Page by BestWebSoft <= 0.1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18493
12 Apr 2017 — The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues. El complemento de custom-admin-page anterior de 0.1.2 para WordPress tiene múltiples problemas de XSS. The Custom Admin Page by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that exec... • https://wordpress.org/plugins/custom-admin-page/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18501 – Social Login by BestWebSoft <= 0.1 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18501
12 Apr 2017 — The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. El plugin social-login-bws antes de la versión 0.2 para WordPress tiene múltiples problemas XSS. The Social Login by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/social-login-bws/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18556 – Analytics <= 1.7.0 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18556
12 Apr 2017 — The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. El plugin bws-google-analytics anterior a 1.7.1 para WordPress tiene múltiples problemas XSS. The Analytics plugin is vulnerable to multiple Cross-Site Scripting vulnerabilities in versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/bws-google-analytics/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9295 – Contact Form by BestWebSoft <= 3.95 - ReflectedCross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9295
12 Apr 2017 — The contact-form-plugin plugin before 3.96 for WordPress has XSS. El complemento contact-form-plugin anterior a 3.96 para WordPress tiene XSS. The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.95 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can tric... • https://wordpress.org/plugins/contact-form-plugin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18542 – Help Center by BestWebSoft <= 1.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18542
12 Apr 2017 — The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues. El plugin zendesk-help-center versiones anteriores a 1.0.5 para WordPress, presenta múltiples problemas de tipo XSS. The Help Center by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts... • https://wordpress.org/plugins/zendesk-help-center/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18527 – Pagination by BestWebSoft <= 1.0.6 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18527
12 Apr 2017 — The pagination plugin before 1.0.7 for WordPress has multiple XSS issues. El plugin de paginación anterior a 1.0.7 para WordPress tiene múltiples problemas XSS. The Pagination by BestWebSoft plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser. • https://wordpress.org/plugins/pagination/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •