Multiple BestWebSoft Plugins - Authenticated Reflected GET Cross-Site Scripting (XSS)


Proof of Concept
http://www.example.com/wp-admin/admin.php?page=bws_panel&category=%22%3E%3C%2Fscript%3E%3Cscript%3Ealert%2842%29%3C%2Fscript%3E

Affects

Plugins
adsense-plugin - fixed in version 1.44
bws-featured-posts - fixed in version 1.0.1
bws-google-analytics - fixed in version 1.7.1
bws-google-maps - fixed in version 1.3.6
bws-latest-posts - fixed in version 0.3
bws-linkedin - fixed in version 1.0.5
bws-pinterest - fixed in version 1.0.5
bws-popular-posts - fixed in version 1.0.5
bws-smtp - fixed in version 1.1.0
bws-testimonials - fixed in version 0.1.9
captcha - fixed in version 4.3.0
car-rental - fixed in version 1.0.5
contact-form-multi - fixed in version 1.2.1
contact-form-plugin - fixed in version 4.0.6
contact-form-to-db - fixed in version 1.5.7
custom-admin-page - fixed in version 0.1.2
custom-fields-search - fixed in version 1.3.2
custom-search-plugin - fixed in version 1.36
donate-button - fixed in version 2.1.1
email-queue - fixed in version 1.1.2
error-log-viewer - fixed in version 1.0.6
facebook-button-plugin - fixed in version 2.54
gallery-categories - fixed in version 1.0.9
gallery-plugin - fixed in version 4.5.0
google-captcha - fixed in version 1.28
google-one
google-shortlink - fixed in version 1.5.3
google-sitemap-plugin - fixed in version 3.0.8
htaccess - fixed in version 1.7.6
job-board - fixed in version 1.1.4
limit-attempts - fixed in version 1.1.8
multilanguage - fixed in version 1.2.3
pagination - fixed in version 1.0.7
pdf-print - fixed in version 1.9.4
portfolio - fixed in version 2.40
post-to-csv - fixed in version 1.3.1
profile-extra-fields - fixed in version 1.0.7
promobar - fixed in version 1.1.1
quotes-and-tips - fixed in version 1.32
rating-bws - fixed in version 0.2
re-attacher - fixed in version 1.0.9
realty - fixed in version 1.1.0
relevant - fixed in version 1.2.0
sender - fixed in version 1.2.1
social-buttons-pack - fixed in version 1.1.1
social-login-bws - fixed in version 0.2
subscriber - fixed in version 1.3.5
timesheet - fixed in version 0.1.5
twitter-plugin - fixed in version 2.55
updater
user-role - fixed in version 1.5.6
visitors-online - fixed in version 1.0.0
zendesk-help-center - fixed in version 1.0.5

References

URL http://www.defensecode.com/advisories/DC-2017-02-014_50_WordPress_plugins_by_BestWebSoft_Advisory.pdf
URL http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2017-April/010860.html

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter ethicalhack3r
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 251
Verified Yes
WPVDB ID 8796

Timeline

Publicly Published 2017-04-12
Added 2017-04-13
Last Updated 2017-04-20

Copyright & License

Copyright All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.