26 matches found
WordPress plugin CallRail Phone Call Tracking 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress CallRail Phone Call Tracking plugin <= 0.4.9 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Rasi Afeef Patchstack Alliance in WordPress CallRail Phone Call Tracking plugin versions = 0.4.9. Solution Update the WordPress CallRail Phone Call Tracking plugin to the latest available versio...
CallRail Phone Call Tracking < 0.4.10 - Stored XSS via CSRF
The plugin does not have CSRF check in place and it also lacking sanitisation as well as escaping in some parameters, which could allow attackers to make a logged in admin put Stored Cross-Site Scripting payloads in them...
Malicious code in callrail_eks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a04c2e632af57414931941b9d17e0edb9dc7883a968f5c96670cff845f32638 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in callrail-package-cleanup (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aaf309350c3a2a6089dbd7a58183bbbbfbdee0a4d7de4afcfd791e52e000ca5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1816 Malicious code in callrail-package-cleanup (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aaf309350c3a2a6089dbd7a58183bbbbfbdee0a4d7de4afcfd791e52e000ca5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...