Calls to Action WordPress Plugin Reflective Cross-Site Scripting Vulnerability
Calls to Action is a plugin for calling events on WordPress sites. Calls to Action 2.4.3 and earlier versions do not effectively filter the "open-tab" HTTP GET parameter value and the "wp-cta-variation-id" HTTP GET parameter value, which allows an unauthenticated, remote attacker to trick...