Cross-Site Scripting Vulnerability in Multiple WordPress Plugins by BestWebSoft
CVE-2017-2171

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Captcha; Car Rental; Contact Form Multi; Contact Form
Vendor: CVE Published:; 22 May 2017

What is CVE-2017-2171?

The vulnerability allows remote attackers to inject arbitrary web scripts or HTML into applications utilizing multiple BestWebSoft plugins. Specifically, the affected plugins prior to specified versions can be exploited via the function that displays the BestWebSoft menu, potentially compromising the integrity of the web application and exposing sensitive data.

Affected Version(s)

Captcha prior to version 4.3.0

Car Rental prior to version 1.0.5

Contact Form prior to version 4.0.6

References

http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094

third-party-advisoryx_refsource_JVNDB

https://jvn.jp/en/jp/JVN24834813/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2017
Vulnerability Reserved
Dec 1, 2016