VYPR
Get started
← All advisories
Medium severity6.1NVD Advisory· Published May 22, 2017· Updated May 13, 2026

CVE-2017-2171

CVE-2017-2171

Description

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF & Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7. PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu.

Affected products

102
  • Bestwebsoft/Captcha2 versions
    cpe:2.3:a:bestwebsoft:captcha:*:*:*:*:*:wordpress:*:*+ 1 more
    • cpe:2.3:a:bestwebsoft:captcha:*:*:*:*:*:wordpress:*:*range: <=4.2.9
    • (no CPE)range: prior to version 4.3.0
  • Bestwebsoft/Car Rental
    cpe:2.3:a:bestwebsoft:car_rental:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.4
  • Bestwebsoft/Contact Form Multi
    cpe:2.3:a:bestwebsoft:contact_form_multi:*:*:*:*:*:wordpress:*:*
    Range: <=1.2.0
  • Bestwebsoft/Contact Form To Db
    cpe:2.3:a:bestwebsoft:contact_form_to_db:*:*:*:*:*:wordpress:*:*
    Range: <=1.5.6
  • Bestwebsoft/Contact Form
    cpe:2.3:a:bestwebsoft:contact_form:*:*:*:*:*:wordpress:*:*
    Range: <=4.0.5
  • Bestwebsoft/Custom Admin Page
    cpe:2.3:a:bestwebsoft:custom_admin_page:*:*:*:*:*:wordpress:*:*
    Range: <=0.1.1
  • Bestwebsoft/Custom Fields Search
    cpe:2.3:a:bestwebsoft:custom_fields_search:*:*:*:*:*:wordpress:*:*
    Range: <=1.3.1
  • Bestwebsoft/Custom Search
    cpe:2.3:a:bestwebsoft:custom_search:*:*:*:*:*:wordpress:*:*
    Range: <=1.35
  • Bestwebsoft/Donate
    cpe:2.3:a:bestwebsoft:donate:*:*:*:*:*:wordpress:*:*
    Range: <=2.1.0
  • Bestwebsoft/Email Queue
    cpe:2.3:a:bestwebsoft:email_queue:*:*:*:*:*:wordpress:*:*
    Range: <=1.1.1
  • Bestwebsoft/Error Log Viewer
    cpe:2.3:a:bestwebsoft:error_log_viewer:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.5
  • Bestwebsoft/Facebook Button
    cpe:2.3:a:bestwebsoft:facebook_button:*:*:*:*:*:wordpress:*:*
    Range: <=2.53
  • Bestwebsoft/Featured Posts
    cpe:2.3:a:bestwebsoft:featured_posts:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.0
  • Bestwebsoft/Gallery Categories
    cpe:2.3:a:bestwebsoft:gallery_categories:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.8
  • Bestwebsoft/Gallery
    cpe:2.3:a:bestwebsoft:gallery:*:*:*:*:*:wordpress:*:*
    Range: <=4.4.9
  • Bestwebsoft/Google \+1
    cpe:2.3:a:bestwebsoft:google_\+1:*:*:*:*:*:wordpress:*:*
    Range: <=1.3.3
  • Bestwebsoft/Google Adsense
    cpe:2.3:a:bestwebsoft:google_adsense:*:*:*:*:*:wordpress:*:*
    Range: <=1.43
  • Bestwebsoft/Google Analytics
    cpe:2.3:a:bestwebsoft:google_analytics:*:*:*:*:*:wordpress:*:*
    Range: <=1.7.0
  • Bestwebsoft/Google Captcha \(recaptcha\)
    cpe:2.3:a:bestwebsoft:google_captcha_\(recaptcha\):*:*:*:*:*:wordpress:*:*
    Range: <=1.27
  • Bestwebsoft/Google Maps
    cpe:2.3:a:bestwebsoft:google_maps:*:*:*:*:*:wordpress:*:*
    Range: <=1.3.5
  • Bestwebsoft/Google Shortlink
    cpe:2.3:a:bestwebsoft:google_shortlink:*:*:*:*:*:wordpress:*:*
    Range: <=1.5.2
  • Bestwebsoft/Google Sitemap
    cpe:2.3:a:bestwebsoft:google_sitemap:*:*:*:*:*:wordpress:*:*
    Range: <=3.0.7
  • Bestwebsoft/Htaccess
    cpe:2.3:a:bestwebsoft:htaccess:*:*:*:*:*:wordpress:*:*
    Range: <=1.7.5
  • Bestwebsoft/Job Board
    cpe:2.3:a:bestwebsoft:job_board:*:*:*:*:*:wordpress:*:*
    Range: <=1.1.2
  • Bestwebsoft/Latest Posts
    cpe:2.3:a:bestwebsoft:latest_posts:*:*:*:*:*:wordpress:*:*
    Range: <=0.2
  • Bestwebsoft/Limit Attempts
    cpe:2.3:a:bestwebsoft:limit_attempts:*:*:*:*:*:wordpress:*:*
    Range: <=1.1.7
  • Bestwebsoft/Linkedin
    cpe:2.3:a:bestwebsoft:linkedin:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.4
  • Bestwebsoft/Multilanguage
    cpe:2.3:a:bestwebsoft:multilanguage:*:*:*:*:*:wordpress:*:*
    Range: <=1.2.1
  • Bestwebsoft/Pagination
    cpe:2.3:a:bestwebsoft:pagination:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.6
  • Bestwebsoft/Pdf \& Print
    cpe:2.3:a:bestwebsoft:pdf_\&_print:*:*:*:*:*:wordpress:*:*
    Range: <=1.9.3
  • Bestwebsoft/Pinterest
    cpe:2.3:a:bestwebsoft:pinterest:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.4
  • Bestwebsoft/Popular Posts
    cpe:2.3:a:bestwebsoft:popular_posts:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.4
  • Bestwebsoft/Portfolio
    cpe:2.3:a:bestwebsoft:portfolio:*:*:*:*:*:wordpress:*:*
    Range: <=2.3
  • Bestwebsoft/Post To Csv
    cpe:2.3:a:bestwebsoft:post_to_csv:*:*:*:*:*:wordpress:*:*
    Range: <=1.3.0
  • Bestwebsoft/Profile Extra
    cpe:2.3:a:bestwebsoft:profile_extra:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.6
  • Bestwebsoft/Promobar
    cpe:2.3:a:bestwebsoft:promobar:*:*:*:*:*:wordpress:*:*
    Range: <=1.1.0
  • Bestwebsoft/Quotes And Tips
    cpe:2.3:a:bestwebsoft:quotes_and_tips:*:*:*:*:*:wordpress:*:*
    Range: <=1.31
  • Bestwebsoft/Realty
    cpe:2.3:a:bestwebsoft:realty:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.9
  • Bestwebsoft/Re Attacher
    cpe:2.3:a:bestwebsoft:re-attacher:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.8
  • Bestwebsoft/Relevant Related Posts
    cpe:2.3:a:bestwebsoft:relevant_-_related_posts:*:*:*:*:*:wordpress:*:*
    Range: <=1.1.9
  • Bestwebsoft/Sender
    cpe:2.3:a:bestwebsoft:sender:*:*:*:*:*:wordpress:*:*
    Range: <=1.2.0
  • Bestwebsoft/SMTP
    cpe:2.3:a:bestwebsoft:smtp:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.9
  • Bestwebsoft/Social Buttons Pack
    cpe:2.3:a:bestwebsoft:social_buttons_pack:*:*:*:*:*:wordpress:*:*
    Range: <=1.1.0
  • Bestwebsoft/Subscriber
    cpe:2.3:a:bestwebsoft:subscriber:*:*:*:*:*:wordpress:*:*
    Range: <=1.3.4
  • Bestwebsoft/Testimonials
    cpe:2.3:a:bestwebsoft:testimonials:*:*:*:*:*:wordpress:*:*
    Range: <=0.1.8
  • Bestwebsoft/Timesheet
    cpe:2.3:a:bestwebsoft:timesheet:*:*:*:*:*:wordpress:*:*
    Range: <=0.1.4
  • Bestwebsoft/Twitter Button
    cpe:2.3:a:bestwebsoft:twitter_button:*:*:*:*:*:wordpress:*:*
    Range: <=2.54
  • Bestwebsoft/Updater
    cpe:2.3:a:bestwebsoft:updater:*:*:*:*:*:wordpress:*:*
    Range: <=1.34
  • Bestwebsoft/User Role
    cpe:2.3:a:bestwebsoft:user_role:*:*:*:*:*:wordpress:*:*
    Range: <=1.5.5
  • Bestwebsoft/Visitors Online
    cpe:2.3:a:bestwebsoft:visitors_online:*:*:*:*:*:wordpress:*:*
    Range: <=0.9
  • Bestwebsoft/Zendesk Help Center
    cpe:2.3:a:bestwebsoft:zendesk_help_center:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.4
  • BestWebSoft/Car Rentalv5
    Range: prior to version 1.0.5
  • BestWebSoft/Contact Formv5
    Range: prior to version 4.0.6
  • BestWebSoft/Contact Form Multiv5
    Range: prior to version 1.2.1
  • BestWebSoft/Contact Form to DBv5
    Range: prior to version 1.5.7
  • BestWebSoft/Custom Admin Pagev5
    Range: prior to version 0.1.2
  • BestWebSoft/Custom Fields Searchv5
    Range: prior to version 1.3.2
  • BestWebSoft/Custom Searchv5
    Range: prior to version 1.36
  • BestWebSoft/Donatev5
    Range: prior to version 2.1.1
  • BestWebSoft/Email Queuev5
    Range: prior to version 1.1.2
  • BestWebSoft/Error Log Viewerv5
    Range: prior to version 1.0.6
  • BestWebSoft/Facebook Buttonv5
    Range: prior to version 2.54
  • BestWebSoft/Featured Postsv5
    Range: prior to version 1.0.1
  • BestWebSoft/Galleryv5
    Range: prior to version 4.5.0
  • BestWebSoft/Gallery Categoriesv5
    Range: prior to version 1.0.9
  • BestWebSoft/Google +1v5
    Range: prior to version 1.3.4
  • BestWebSoft/Google AdSensev5
    Range: prior to version 1.44
  • BestWebSoft/Google Analyticsv5
    Range: prior to version 1.7.1
  • BestWebSoft/Google Captcha (reCAPTCHA)v5
    Range: prior to version 1.28
  • BestWebSoft/Google Mapsv5
    Range: prior to version 1.3.6
  • BestWebSoft/Google Shortlinkv5
    Range: prior to version 1.5.3
  • BestWebSoft/Google Sitemapv5
    Range: prior to version 3.0.8
  • BestWebSoft/Htaccessv5
    Range: prior to version 1.7.6
  • BestWebSoft/Job Boardv5
    Range: prior to version 1.1.3
  • BestWebSoft/Latest Postsv5
    Range: prior to version 0.3
  • BestWebSoft/Limit Attemptsv5
    Range: prior to version 1.1.8
  • BestWebSoft/LinkedInv5
    Range: prior to version 1.0.5
  • BestWebSoft/Multilanguagev5
    Range: prior to version 1.2.2
  • BestWebSoft/Paginationv5
    Range: prior to version 1.0.7
  • BestWebSoft/PDF & Printv5
    Range: prior to version 1.9.4
  • BestWebSoft/Pinterestv5
    Range: prior to version 1.0.5
  • BestWebSoft/Popular Postsv5
    Range: prior to version 1.0.5
  • BestWebSoft/Portfoliov5
    Range: prior to version 2.4
  • BestWebSoft/Post to CSVv5
    Range: prior to version 1.3.1
  • BestWebSoft/Profile Extrav5
    Range: prior to version 1.0.7
  • BestWebSoft/PromoBarv5
    Range: prior to version 1.1.1
  • BestWebSoft/Quotes and Tipsv5
    Range: prior to version 1.32
  • BestWebSoft/Realtyv5
    Range: prior to version 1.1.0
  • BestWebSoft/Re-attacherv5
    Range: prior to version 1.0.9
  • BestWebSoft/Relevant - Related Postsv5
    Range: prior to version 1.2.0
  • BestWebSoft/Senderv5
    Range: prior to version 1.2.1
  • BestWebSoft/SMTPv5
    Range: prior to version 1.1.0
  • BestWebSoft/Social Buttons Packv5
    Range: prior to version 1.1.1
  • BestWebSoft/Subscriberv5
    Range: prior to version 1.3.5
  • BestWebSoft/Testimonialsv5
    Range: prior to version 0.1.9
  • BestWebSoft/Timesheetv5
    Range: prior to version 0.1.5
  • BestWebSoft/Twitter Buttonv5
    Range: prior to version 2.55
  • BestWebSoft/Updaterv5
    Range: prior to version 1.35
  • BestWebSoft/User Rolev5
    Range: prior to version 1.5.6
  • BestWebSoft/Visitors Onlinev5
    Range: prior to version 1.0.0
  • BestWebSoft/Zendesk Help Centerv5
    Range: prior to version 1.0.5

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.