93 matches found
CVE-2023-28933
CVE-2023-28933 affects the WordPress plugin Call Now Accessibility Button by StPeteDesign, version
WordPress Plugin StPeteDesign Call Now Accessibility Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-22044 · Stpetedesign · Stpetedesign Call Now Accessibility Button
Name of the Vulnerable Software and Affected Versions: StPeteDesign Call Now Accessibility Button plugin versions = 1.1 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin or higher privileges can inject...
WordPress Call Now Icon Animate Plugin <= 0.1.0 is vulnerable to Cross Site Scripting (XSS)
Software Call Now Icon Animate Type Plugin Vulnerable versions = 0.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-34187 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cca3b242a6de Credits Rio Darmawan Requir...
WordPress Call Now Buttons plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress Call Now Buttons plugin prior ...
CVE-2022-1455
The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...
Cross site scripting
The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...
CVE-2022-1455 Call Now Button < 1.1.2 - Reflected Cross-Site Scripting
The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled...
CVE-2022-1455
The CVE-2022-1455 entry concerns the WordPress Call Now Button plugin prior to version 1.1.2, where a parameter output into a hidden input attribute is not escaped, enabling Reflected Cross-Site Scripting. The vulnerability affects versions before 1.1.2; the root cause is failure to escape user-c...
WordPress plugin Call Now Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress Call Now Buttons plugin prior ...
WordPress Call Now Button plugin <= 1.1.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by 7coo and JrXnm in WordPress Call Now Button plugin versions = 1.1.1. Solution Update the WordPress Call Now Button plugin to the latest available version at least 1.1.2...
Call Now Button < 1.1.2 - Reflected Cross-Site Scripting
The plugin does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled With premium enabled: http://example.com/wp-admin/admin.php?page=call-now-button&bid=xxxxx" accesskey=X onclick=alert/XSS/...
WordPress WordPress Easy Call Now Button by elixirs.io plugin <= 1.0.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Easy Call Now Button by elixirs.io plugin versions = 1.0.5. Solution No patched version available...