3 matches found
CVE-2023-5051
The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute. This makes it possible fo...
CVE-2023-5051
creationtimestamp | type | source
---|---|---
2023-10-27 12:27:48+00:00 | seen | Telegram/yWdt-TOI5G6LtG1mcPOwPYipU-gdNlbQNh9wOs9qmjh1Q...
CVE-2023-5051
CVE-2023-5051 affects CallRail Phone Call Tracking for WordPress. It is a Stored XSS via the callrail_form shortcode in versions ≤ 0.5.2 due to insufficient input sanitization and output escaping on the form_id attribute. Authenticated attackers with contributor+ permissions can inject scripts ex...