PT-2023-10177 · Bestwebsoft · Bestwebsoft Portfolio Plugin

Published: 2023-12-26 · Updated: 2024-05-17 · CVE-2014-125109

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: BestWebSoft Portfolio Plugin versions up to 2.27

Description: A vulnerability was found in the BestWebSoft Portfolio Plugin, affecting the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross-site scripting. The attack can be initiated remotely.

Recommendations: For BestWebSoft Portfolio Plugin versions up to 2.27, upgrade to version 2.28 to address this issue. As a temporary workaround, consider restricting the manipulation of the bwsmn_form_email argument in the bws_add_menu_render function until the upgrade is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2014-125109

Affected Products: Bestwebsoft Portfolio Plugin