CVE-2017-18558 Scanner
Detects a cross-site scripting (XSS) vulnerability in the Testimonials plugin for WordPress, affecting versions before 0.1.9.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
The bws-testimonials plugin is a popular tool used to display client feedback on WordPress-based websites. This plugin has been praised for its ease of use and customization options, making it a go-to for businesses looking to showcase their success stories. However, the security of this plugin has recently been called into question due to the discovery of several vulnerabilities, including CVE-2017-18558.
CVE-2017-18558 is a cross-site scripting (XSS) vulnerability located in the Testimonials shortcode, which attackers can exploit to execute malicious code in a user's browser. This vulnerability can be triggered by inserting specially crafted JavaScript code into the plugin's input fields, such as the name and message fields.
Such an exploit could result in a range of consequences, including redirecting users to malicious websites, stealing sensitive information, or installing malware. Moreover, as this plugin is often used on business websites, attackers could use it to gain access to corporate networks or other valuable digital assets.
In conclusion, while the Testimonials plugin can be a valuable tool for businesses to showcase their successes, it is important to be aware of the potential risks associated with it. By following the recommended precautions and partnering with a trusted security provider like s4e.io, website owners can remain ahead of the curve and minimize the risk of damaging cyberattacks.