Cross-Site Scripting Vulnerability in Multiple WordPress Plugins by BestWebSoft
CVE-2017-2171

6.1MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
22 May 2017

What is CVE-2017-2171?

The vulnerability allows remote attackers to inject arbitrary web scripts or HTML into applications utilizing multiple BestWebSoft plugins. Specifically, the affected plugins prior to specified versions can be exploited via the function that displays the BestWebSoft menu, potentially compromising the integrity of the web application and exposing sensitive data.

Affected Version(s)

Captcha prior to version 4.3.0

Car Rental prior to version 1.0.5

Contact Form prior to version 4.0.6

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.