Published: 2017/05/16  Last Updated: 2017/05/16

Information from BestWebSoft

Vulnerability ID: JVN#24834813
Title: Multiple BestWebSoft WordPress plugins vulnerable to cross-site scripting
Status: Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

Affected plugins and their links are as follows:
- Captcha https://wordpress.org/plugins/captcha/#developers
- Car Rental https://wordpress.org/plugins/car-rental/#developers
- Contact Form Multi https://wordpress.org/plugins/contact-form-multi/#developers
- Contact Form https://wordpress.org/plugins/contact-form-plugin/#developers
- Contact Form to DB https://wordpress.org/plugins/contact-form-to-db/#developers
- Custom Admin Page https://wordpress.org/plugins/custom-admin-page/#developers
- Custom Fields Search https://wordpress.org/plugins/custom-fields-search/#developers
- Custom Search https://wordpress.org/plugins/custom-search-plugin/#developers
- Donate https://wordpress.org/plugins/donate-button/#developers
- Email Queue https://wordpress.org/plugins/email-queue/#developers
- Error Log Viewer https://wordpress.org/plugins/error-log-viewer/#developers
- Facebook Button https://wordpress.org/plugins/facebook-button-plugin/#developers
- Featured Posts https://wordpress.org/plugins/bws-featured-posts/#developers
- Gallery Categories https://wordpress.org/plugins/gallery-categories/#developers
- Gallery https://wordpress.org/plugins/gallery-plugin/#developers
- Google +1 https://wordpress.org/plugins/google-one/#developers
- Google AdSense https://wordpress.org/plugins/adsense-plugin/#developers
- Google Analytics https://wordpress.org/plugins/bws-google-analytics/#developers
- Google Captcha (reCAPTCHA) https://wordpress.org/plugins/google-captcha/#developers
- Google Maps https://wordpress.org/plugins/bws-google-maps/#developers
- Google Shortlink https://wordpress.org/plugins/google-shortlink/#developers
- Google Sitemap https://wordpress.org/plugins/google-sitemap-plugin/#developers
- Htaccess https://wordpress.org/plugins/htaccess/#developers
- Job Board https://wordpress.org/plugins/job-board/#developers
- Latest Posts https://wordpress.org/plugins/bws-latest-posts/#developers
- Limit Attempts https://wordpress.org/plugins/limit-attempts/#developers
- LinkedIn https://wordpress.org/plugins/bws-linkedin/#developers
- Multilanguage https://wordpress.org/plugins/multilanguage/#developers
- PDF & Print https://wordpress.org/plugins/pdf-print/#developers
- Pagination https://wordpress.org/plugins/pagination/#developers
- Pinterest https://wordpress.org/plugins/bws-pinterest/#developers
- Popular Posts https://wordpress.org/plugins/bws-popular-posts/#developers
- Portfolio https://wordpress.org/plugins/portfolio/#developers
- Post to CSV https://wordpress.org/plugins/post-to-csv/#developers
- Profile Extra Fields https://wordpress.org/plugins/profile-extra-fields/#developers
- PromoBar https://wordpress.org/plugins/promobar/#developers
- Quotes and Tips https://wordpress.org/plugins/quotes-and-tips/#developers
- Re-attacher https://wordpress.org/plugins/re-attacher/#developers
- Realty https://wordpress.org/plugins/realty/#developers
- Relevant - Related Posts https://wordpress.org/plugins/relevant/#developers
- SMTP https://wordpress.org/plugins/bws-smtp/#developers
- Sender https://wordpress.org/plugins/sender/#developers
- Social Buttons Pack https://wordpress.org/plugins/social-buttons-pack/#developers
- Subscriber https://wordpress.org/plugins/subscriber/#developers
- Testimonials https://wordpress.org/plugins/bws-testimonials/#developers
- Timesheet https://wordpress.org/plugins/timesheet/#developers
- Twitter Button https://wordpress.org/plugins/twitter-plugin/#developers
- Updater https://wordpress.org/plugins/updater/#developers
- User Role https://wordpress.org/plugins/user-role/#developers
- Visitors Online https://wordpress.org/plugins/visitors-online/#developers
- Zendesk Help Center https://wordpress.org/plugins/zendesk-help-center/#developers