Lucene search
+L

93 matches found

CVE
CVE
added 2023/06/12 3:10 p.m.42 views

CVE-2023-28933

CVE-2023-28933 affects the WordPress plugin Call Now Accessibility Button by StPeteDesign, version

5.9CVSS5.1AI score0.00369EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/06/12 12:0 a.m.7 views

WordPress Plugin StPeteDesign Call Now Accessibility Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/12 12:0 a.m.5 views

PT-2023-22044 · Stpetedesign · Stpetedesign Call Now Accessibility Button

Name of the Vulnerable Software and Affected Versions: StPeteDesign Call Now Accessibility Button plugin versions = 1.1 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin or higher privileges can inject...

5.9CVSS5.3AI score0.00369EPSS
Exploits0References4
Patchstack
Patchstack
added 2023/05/30 12:0 a.m.12 views

WordPress Call Now Icon Animate Plugin <= 0.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Call Now Icon Animate Type Plugin Vulnerable versions = 0.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34187 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cca3b242a6de Credits Rio Darmawan Requir...

5.9CVSS5.8AI score0.00366EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2022/05/18 12:0 a.m.30 views

WordPress Call Now Buttons plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress Call Now Buttons plugin prior ...

6.1CVSS1.3AI score0.00773EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/05/16 3:15 p.m.5 views

CVE-2022-1455

The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...

6.1CVSS6.3AI score0.00773EPSS
Exploits2References2
Prion
Prion
added 2022/05/16 3:15 p.m.13 views

Cross site scripting

The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...

4.3CVSS6.1AI score0.00773EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/05/16 2:31 p.m.22 views

CVE-2022-1455 Call Now Button < 1.1.2 - Reflected Cross-Site Scripting

The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...

6.2AI score0.00773EPSS
Exploits2References1
CVE
CVE
added 2022/05/16 2:31 p.m.75 views

CVE-2022-1455

The CVE-2022-1455 entry concerns the WordPress Call Now Button plugin prior to version 1.1.2, where a parameter output into a hidden input attribute is not escaped, enabling Reflected Cross-Site Scripting. The vulnerability affects versions before 1.1.2; the root cause is failure to escape user-c...

6.1CVSS6AI score0.00773EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/05/16 12:0 a.m.6 views

WordPress plugin Call Now Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress Call Now Buttons plugin prior ...

6.1CVSS6.3AI score0.00773EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/04/25 12:0 a.m.26 views

WordPress Call Now Button plugin <= 1.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by 7coo and JrXnm in WordPress Call Now Button plugin versions = 1.1.1. Solution Update the WordPress Call Now Button plugin to the latest available version at least 1.1.2...

6.1CVSS2.1AI score0.00773EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2022/04/25 12:0 a.m.165 views

Call Now Button < 1.1.2 - Reflected Cross-Site Scripting

The plugin does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled With premium enabled: http://example.com/wp-admin/admin.php?page=call-now-button&bid=xxxxx" accesskey=X onclick=alert/XSS/...

6.1CVSS0.2AI score0.00773EPSS
Exploits2
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.11 views

WordPress WordPress Easy Call Now Button by elixirs.io plugin <= 1.0.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Easy Call Now Button by elixirs.io plugin versions = 1.0.5. Solution No patched version available...

2AI score
Exploits0References2Affected Software1
Rows per page
Query Builder