63 matches found
CVE-2026-4088
The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...
EUVD-2026-24652
The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...
EUVD-2026-24660
The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cboxoptionspage function which handles saving, creating, and deleting plugin settings. The form rendered on the...
CVE-2026-4118
The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cboxoptionspage function which handles saving, creating, and deleting plugin settings. The form rendered on the...
CVE-2026-4118
The CVE-2026-4118 entry concerns the WordPress Call To Action Plugin (versions update(). This enables unauthenticated attackers to modify configuration fields (e.g., title, content, link URL, image URL, colors) by forging requests, provided a site administrator is induced to perform an action suc...
CVE-2026-4118
The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cboxoptionspage function which handles saving, creating, and deleting plugin settings. The form rendered on the...
CVE-2026-4118 Call To Action Plugin <= 3.1.3 - Cross-Site Request Forgery via Settings Update
The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cboxoptionspage function which handles saving, creating, and deleting plugin settings. The form rendered on the...
CVE-2026-4088
Summary: The WordPress Switch CTA Box plugin (versions up to 1.1) is vulnerable to Stored Cross-Site Scripting via the wppw_cta_box shortcode due to insufficient sanitization/output escaping of post meta values (cta_box_button_link, cta_box_button_id, cta_box_button_text, cta_box_description). Th...
WordPress plugin Call To Action Plugin 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-22459
Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through = 2.1.2...
PT-2026-23200
Name of the Vulnerable Software and Affected Versions WordPress CTA easy-sticky-sidebar versions through 1.7.4 Description The software contains a missing authorization flaw that allows exploitation due to incorrectly configured access control security levels. Recommendations Update WordPress CTA...
WordPress plugin CTA easy-sticky-sidebar 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress WordPress CTA plugin <= 2.1.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin WordPress CTA versions = 2.1.2...
CVE-2025-14040
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...
EUVD-2025-208126
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...
CVE-2025-14040
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...
CVE-2025-14040 Automotive Car Dealership Business WordPress Theme <= 13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action Fields
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...
CVE-2025-14040
CVE-2025-14040 : The Automotive Car Dealership WordPress Theme (WordPress theme) is vulnerable to a stored XSS via the action_text, action_button_text, action_link, and action_class fields in the Call to Action across all versions up to 13.4. Exploitation requires contributor-level authentication...
WordPress Automotive Car Dealership Business WordPress Theme plugin <= 13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action Fields vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Call to Action Fields vulnerability discovered by Mateusz Gierblinski in WordPress Theme Automotive Car Dealership Business versions = 13.4...
WordPress Exclusive Addons for Elementor plugin <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Call to Action vulnerability discovered by stealthcopter in WordPress Plugin Exclusive Addons Elementor versions = 2.6.9.4...