Lucene search
PRIOn knowledge basePRION:CVE-2023-2028HistoryJul 10, 2023 - 4:15 p.m.
Cross site scripting
2023-07-1016:15:00
PRIOn knowledge base
www.prio-n.com
4
cross site scripting
stored cross-site scripting
wordpress plugin
settings sanitization
high-privilege users
unfiltered_html capability
multisite setup
0.001 Low
EPSS
Percentile
19.6%
The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
| CPE | Name | Operator | Version |
|---|---|---|---|
| call_now_accessibility_button | lt | 1.1 |
Related
cvelist
cvelist
wpexploit
wpexploit
Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting
2023-06-19 00:00:00
nvd
nvd
CVE-2023-2028
2023-07-10 16:15:50
wpvulndb
wpvulndb
Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting
2023-06-19 00:00:00
cve
cve
CVE-2023-2028
2023-07-10 16:15:50