Lucene search
K

26 matches found

CNNVD
CNNVD
added 2022/09/01 12:0 a.m.4 views

WordPress plugin CallRail Phone Call Tracking 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS5.9AI score0.00299EPSS
Exploits0References3
Patchstack
Patchstack
added 2022/09/01 12:0 a.m.28 views

WordPress CallRail Phone Call Tracking plugin <= 0.4.9 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Rasi Afeef Patchstack Alliance in WordPress CallRail Phone Call Tracking plugin versions = 0.4.9. Solution Update the WordPress CallRail Phone Call Tracking plugin to the latest available versio...

6.1CVSS2.3AI score0.00299EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2022/09/01 12:0 a.m.17 views

CallRail Phone Call Tracking < 0.4.10 - Stored XSS via CSRF

The plugin does not have CSRF check in place and it also lacking sanitisation as well as escaping in some parameters, which could allow attackers to make a logged in admin put Stored Cross-Site Scripting payloads in them...

6.1CVSS4.2AI score0.00299EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:21 p.m.3 views

Malicious code in callrail_eks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a04c2e632af57414931941b9d17e0edb9dc7883a968f5c96670cff845f32638 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:21 p.m.2 views

Malicious code in callrail-package-cleanup (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aaf309350c3a2a6089dbd7a58183bbbbfbdee0a4d7de4afcfd791e52e000ca5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:21 p.m.9 views

MAL-2022-1816 Malicious code in callrail-package-cleanup (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aaf309350c3a2a6089dbd7a58183bbbbfbdee0a4d7de4afcfd791e52e000ca5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder