CVE-2017-18590 – Help Center by BestWebSoft < 0.1.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18590
The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues. The Help Center by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to 0.1.5 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser, provided they can trick the victim into performing an action such as clicking on a link.
• https://wordpress.org/plugins/timesheet/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18528 – Download PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin <= 1.9.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18528
The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.
• https://wordpress.org/plugins/pdf-print/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18496 – Htaccess by BestWebSoft – WordPress Website Access Control Plugin <= 1.7.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18496
The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. The "Htaccess by BestWebSoft – WordPress Website Access Control Plugin" plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser, provided they can trick the victim into performing an action such as clicking on a link.
• https://wordpress.org/plugins/htaccess/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18505 – BestWebSoft's Twitter < 2.55 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18505
The twitter-plugin plugin before 2.55 for WordPress has XSS. BestWebSoft's Twitter plugin before 2.55 for WordPress has XSS via several parameters.
• https://wordpress.org/plugins/twitter-plugin/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18493 – Custom Admin Page by BestWebSoft <= 0.1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18493
The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues. The Custom Admin Page by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.1.1 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser, provided they can trick the victim into performing an action such as clicking on a link.
• https://wordpress.org/plugins/custom-admin-page/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')