Security for everyone

CVE-2017-18558 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in Testimonials plugin for WordPress affects v. before 0.1.9.


Short Info




Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2017-18558 Scanner Detail

The bws-testimonials plugin is a popular tool used to display client feedback on WordPress-based websites. This plugin has been praised for its ease of use and customization options, making it a go-to for businesses looking to showcase their success stories. However, the security of this plugin has recently been called into question due to the discovery of several vulnerabilities, including CVE-2017-18558.

CVE-2017-18558 is a cross-site scripting (XSS) vulnerability located in the Testimonials shortcode, which can be exploited by attackers to execute malicious code on a user's browser. This vulnerability can be triggered by inserting specially crafted JavaScript code into the plugin's input fields, such as the name and message fields.

Such an exploit could result in a range of consequences, including redirecting users to malicious websites, stealing sensitive information, or installing malware. Moreover, as this plugin is often used on business websites, attackers could use it to gain access to corporate networks or other valuable digital assets.

In conclusion, while the Testimonials plugin can be a valuable tool for businesses to showcase their successes, it is important to be aware of the potential risks associated with it. By following the recommended precautions and partnering with a trusted security provider like, website owners can remain ahead of the curve and minimize the risk of damaging cyberattacks.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture