CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18516 – BestWebSoft's LinkedIn < 1.0.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18516
The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues. El plugin bws-linkedin anterior a la versión 1.0.5 para WordPress tiene múltiples problemas XSS. The BestWebSoft's LinkedIn plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link. • https://wordpress.org/plugins/bws-linkedin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18529 – PromoBar by BestWebSoft – Customizable Advertisement Banner for WordPress Website <= 1.1.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18529
The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. El plugin promobar antes de 1.1.1 para WordPress tiene múltiples problemas XSS. The PromoBar by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link. • https://wordpress.org/plugins/promobar/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18562 – Error Log Viewer by BestWebSoft < 1.0.6 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18562
The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues. El plugin de error-log-viewer anterior a la versión 1.0.6 para WordPress tiene múltiples problemas de XSS. The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, 1.0.6 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link. • https://wordpress.org/plugins/error-log-viewer/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18530 – Rating by BestWebSoft < 0.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18530
The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. El plugin rating-bws antes de 0.2 para WordPress tiene múltiples problemas XSS. The Rating by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to 0.2 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link. • https://wordpress.org/plugins/rating-bws/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18500 – Social Buttons Pack by BestWebSoft < 1.1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18500
The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. El plugin social-buttons-pack anterior a la versión 1.1.1 para WordPress tiene múltiples problemas de XSS. The Social Buttons Pack by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to 1.1.1 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link. • https://wordpress.org/plugins/social-buttons-pack/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •