CVE-2017-18558 – Testimonials by BestWebSoft <= 0.1.8 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18558
The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues. El plugin bws-testimonials antes de 0.1.9 para WordPress tiene múltiples problemas XSS. The Testimonials by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.1.8 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link. • https://wordpress.org/plugins/bws-testimonials/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-9295 – Contact Form by BestWebSoft <= 3.95 - ReflectedCross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9295
The contact-form-plugin plugin before 3.96 for WordPress has XSS. El complemento contact-form-plugin anterior a 3.96 para WordPress tiene XSS. The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.95 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link. • https://wordpress.org/plugins/contact-form-plugin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-18494 – Custom Search by BestWebSoft <= 1.35 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18494
The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues. El complemento custom-search-plugin anterior de 1.36 para WordPress tiene múltiples problemas de XSS. The Custom Search plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including, 1.35 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick the user into performing an action such as clicking on a link. • https://wordpress.org/plugins/custom-search-plugin/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-18502 – Subscriber by BestWebSoft <= 1.3.4 - Multiple Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18502
The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. El plugin subscriber anterior a la versión 1.3.5 para WordPress tiene múltiples problemas XSS. • https://wordpress.org/plugins/subscriber/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-18542 – Help Center by BestWebSoft <= 1.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18542
The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues. El plugin zendesk-help-center versiones anteriores a 1.0.5 para WordPress, presenta múltiples problemas de tipo XSS. The Help Center by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser granted they can trick a victim into performing an action, such as clicking on a link. • https://wordpress.org/plugins/zendesk-help-center/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •