11 matches found
CVE-2026-4088
The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppwctabox' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user-supplied post meta values including 'ctaboxbuttonlink',...
CVE-2026-4088
Summary: The WordPress Switch CTA Box plugin (versions up to 1.1) is vulnerable to Stored Cross-Site Scripting via the wppw_cta_box shortcode due to insufficient sanitization/output escaping of post meta values (cta_box_button_link, cta_box_button_id, cta_box_button_text, cta_box_description). Th...
EUVD-2024-43305
Malicious code in bioql PyPI...
CVE-2024-49236
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box crazy-call-to-action-box allows DOM-Based XSS.This issue affects Crazy Call To Action Box: from n/a through = 1.0.5...
CVE-2024-49236
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box crazy-call-to-action-box allows DOM-Based XSS.This issue affects Crazy Call To Action Box: from n/a through = 1.0.5...
CVE-2024-49236
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box allows Stored XSS.This issue affects Crazy Call To Action Box: from n/a through 1.0.5...
CVE-2024-49236
CVE-2024-49236 is a stored XSS in the WordPress plugin Crazy Call To Action Box, affecting versions up to 1.0.5. The issue arises from improper input neutralization during web page generation. Public disclosures confirm affected versions 1.0.0–1.0.5; Patchstack notes no fix available (Fixed in: N...
CVE-2024-49236 WordPress Crazy Call To Action Box plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box allows Stored XSS.This issue affects Crazy Call To Action Box: from n/a through 1.0.5...
CVE-2024-49236 WordPress Crazy Call To Action Box plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hafiz Uddin Ahmed Crazy Call To Action Box crazy-call-to-action-box allows DOM-Based XSS.This issue affects Crazy Call To Action Box: from n/a through = 1.0.5...
WordPress plugin Crazy Call To Action Box 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin Crazy Call ...
WordPress Crazy Call To Action Box Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software Crazy Call To Action Box Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-49236 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 0654c27932a5 Credits SOPROBRO Required privilege...