CVE-2017-2171
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-2171
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF & Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7. PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款WordPress插件跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台,该平台支持在PHP和MySQL的服务器上架设个人博客网站。Captcha等都是使用在其中的插件。其中Captcha是一个网站后台验证码插件;Car Rental是一个汽车预定插件。 多款WordPress插件中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。以下产品和版本受到影响:WordPress Captcha 4.3.0之前的版本;Car Rental 1.0.5之前的版本;Contact F
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| BestWebSoft | Captcha | prior to version 4.3.0 | - | |
| BestWebSoft | Car Rental | prior to version 1.0.5 | - | |
| BestWebSoft | Contact Form Multi | prior to version 1.2.1 | - | |
| BestWebSoft | Contact Form | prior to version 4.0.6 | - | |
| BestWebSoft | Contact Form to DB | prior to version 1.5.7 | - | |
| BestWebSoft | Custom Admin Page | prior to version 0.1.2 | - | |
| BestWebSoft | Custom Fields Search | prior to version 1.3.2 | - | |
| BestWebSoft | Custom Search | prior to version 1.36 | - | |
| BestWebSoft | Donate | prior to version 2.1.1 | - | |
| BestWebSoft | Email Queue | prior to version 1.1.2 | - | |
| BestWebSoft | Error Log Viewer | prior to version 1.0.6 | - | |
| BestWebSoft | Facebook Button | prior to version 2.54 | - | |
| BestWebSoft | Featured Posts | prior to version 1.0.1 | - | |
| BestWebSoft | Gallery Categories | prior to version 1.0.9 | - | |
| BestWebSoft | Gallery | prior to version 4.5.0 | - | |
| BestWebSoft | Google +1 | prior to version 1.3.4 | - | |
| BestWebSoft | Google AdSense | prior to version 1.44 | - | |
| BestWebSoft | Google Analytics | prior to version 1.7.1 | - | |
| BestWebSoft | Google Captcha (reCAPTCHA) | prior to version 1.28 | - | |
| BestWebSoft | Google Maps | prior to version 1.3.6 | - | |
| BestWebSoft | Google Shortlink | prior to version 1.5.3 | - | |
| BestWebSoft | Google Sitemap | prior to version 3.0.8 | - | |
| BestWebSoft | Htaccess | prior to version 1.7.6 | - | |
| BestWebSoft | Job Board | prior to version 1.1.3 | - | |
| BestWebSoft | Latest Posts | prior to version 0.3 | - | |
| BestWebSoft | Limit Attempts | prior to version 1.1.8 | - | |
| BestWebSoft | prior to version 1.0.5 | - | ||
| BestWebSoft | Multilanguage | prior to version 1.2.2 | - | |
| BestWebSoft | PDF & Print | prior to version 1.9.4 | - | |
| BestWebSoft | Pagination | prior to version 1.0.7 | - | |
| BestWebSoft | prior to version 1.0.5 | - | ||
| BestWebSoft | Popular Posts | prior to version 1.0.5 | - | |
| BestWebSoft | Portfolio | prior to version 2.4 | - | |
| BestWebSoft | Post to CSV | prior to version 1.3.1 | - | |
| BestWebSoft | Profile Extra | prior to version 1.0.7 | - | |
| BestWebSoft | PromoBar | prior to version 1.1.1 | - | |
| BestWebSoft | Quotes and Tips | prior to version 1.32 | - | |
| BestWebSoft | Re-attacher | prior to version 1.0.9 | - | |
| BestWebSoft | Realty | prior to version 1.1.0 | - | |
| BestWebSoft | Relevant - Related Posts | prior to version 1.2.0 | - | |
| BestWebSoft | Sender | prior to version 1.2.1 | - | |
| BestWebSoft | SMTP | prior to version 1.1.0 | - | |
| BestWebSoft | Social Buttons Pack | prior to version 1.1.1 | - | |
| BestWebSoft | Subscriber | prior to version 1.3.5 | - | |
| BestWebSoft | Testimonials | prior to version 0.1.9 | - | |
| BestWebSoft | Timesheet | prior to version 0.1.5 | - | |
| BestWebSoft | Twitter Button | prior to version 2.55 | - | |
| BestWebSoft | User Role | prior to version 1.5.6 | - | |
| BestWebSoft | Updater | prior to version 1.35 | - | |
| BestWebSoft | Visitors Online | prior to version 1.0.0 | - | |
| BestWebSoft | Zendesk Help Center | prior to version 1.0.5 | - |
II. Public POCs for CVE-2017-2171
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-2171
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same vendor: BestWebSoft
- CVE-2026-24598
WordPress Multilanguage by BestWebSoft plugin <= 1.5.2 - Bro - CVE-2025-63056
WordPress Contact Form by BestWebSoft plugin <= 4.3.6 - Brok - CVE-2025-9950
Error Log Viewer by BestWebSoft <= 1.1.6 - Authenticated (Ad - CVE-2024-13906
Gallery by BestWebSoft – Customizable Image and Photo Galler - CVE-2025-24628
WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha
V. Comments for CVE-2017-2171
No comments yet