11 matches found
EUVD-2023-32553
Malicious code in bioql PyPI...
CVE-2023-28933
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in StPeteDesign Call Now Accessibility Button plugin = 1.1 versions...
CVE-2023-2635
The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2028
The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2635
CVE-2023-2635 concerns the WordPress plugin Call Now Accessibility Button (versions prior to 1.1). The issue is that the plugin does not sanitize and escape certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite d...
CVE-2023-2635 Call Now Accessibility Button < 1.1 - Admin+ Stored XSS
The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2028
The CVE-2023-2028 issue affects the Call Now Accessibility Button WordPress plugin and is caused by improper sanitization of certain settings. Versions prior to 1.1 allow Stored Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html is disallowed (e.g., in multisite). Public...
WordPress plugin Call Now Accessibility Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting
Description The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the plugin's "Quick Start" field, add the...
CVE-2023-28933 WordPress Call Now Accessibility Button Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in StPeteDesign Call Now Accessibility Button plugin = 1.1 versions...
CVE-2023-28933
CVE-2023-28933 affects the WordPress plugin Call Now Accessibility Button by StPeteDesign, version