Multiple BestWebSoft Plugins – Authenticated Cross-Site Scripting (XSS) | CVE 2017-18590 | Plugin Vulnerabilities

Affects Plugins

Fixed in 1.44

bws-featured-posts

Fixed in 1.0.1

bws-google-analytics

Fixed in 1.7.1

bws-google-maps

Fixed in 1.3.6

bws-latest-posts

Fixed in 0.3

Fixed in 1.0.5

Fixed in 1.0.5

bws-popular-posts

Fixed in 1.0.5

Fixed in 1.1.0

bws-testimonials

Fixed in 0.1.9

Fixed in 4.3.0

Fixed in 1.0.5

contact-form-multi

Fixed in 1.2.1

contact-form-plugin

Fixed in 4.0.6

contact-form-to-db

Fixed in 1.5.7

custom-admin-page

Fixed in 0.1.2

custom-fields-search

Fixed in 1.3.2

custom-search-plugin

Fixed in 1.36

Fixed in 2.1.1

Fixed in 1.1.2

error-log-viewer

Fixed in 1.0.6

facebook-button-plugin

Fixed in 2.54

gallery-categories

Fixed in 1.0.9

Fixed in 4.5.0

Fixed in 1.28

Fixed in 1.3.4

google-shortlink

Fixed in 1.5.3

google-sitemap-plugin

Fixed in 3.0.8

Fixed in 1.7.6

Fixed in 1.1.4

Fixed in 1.1.8

Fixed in 1.2.3

Fixed in 1.0.7

Fixed in 1.9.4

Fixed in 2.40

Fixed in 1.3.1

profile-extra-fields

Fixed in 1.0.7

Fixed in 1.1.1

quotes-and-tips

Fixed in 1.32

Fixed in 0.2

Fixed in 1.0.9

Fixed in 1.1.0

Fixed in 1.2.0

Fixed in 1.2.1

social-buttons-pack

Fixed in 1.1.1

social-login-bws

Fixed in 0.2

Fixed in 1.3.5

Fixed in 0.1.5

Fixed in 2.55

Fixed in 1.35

Fixed in 1.5.6

visitors-online

Fixed in 1.0.0

zendesk-help-center

Fixed in 1.0.5

References

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

CVE

URL

https://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf

URL

http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2017-April/010860.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

Verified

Yes

WPVDB ID

efd816c3-90d4-40bf-850a-0e4c1a756694

Timeline

Publicly Published

2017-04-12 (about 7 years ago)

Added

2017-04-13 (about 7 years ago)

Last Updated

2020-09-22 (about 3 years ago)

Other

Published

Title

Published

2020-04-15

Title

Widget Settings Importer/Exporter <= 1.5.3 - Authenticated Stored XSS

Published

2023-04-10

Title

WP Custom Author URL < 1.0.5 - Admin+ Stored XSS

Published

2022-04-25

Title

Night Mode < 1.4.0 - Admin+ Stored Cross-Site Scripting

Published

2023-10-16

Title

Protección de Datos RGPD <= 3.1.0 - Reflected XSS

Published

2023-11-07

Title

Recently viewed and most viewed products <= 1.1.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting