8 matches found
EUVD-2023-32553
Malicious code in bioql PyPI...
CVE-2023-28933
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in StPeteDesign Call Now Accessibility Button plugin = 1.1 versions...
CVE-2023-2635
The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2028
The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2635 Call Now Accessibility Button < 1.1 - Admin+ Stored XSS
The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2635
CVE-2023-2635 concerns the WordPress plugin Call Now Accessibility Button (versions prior to 1.1). The issue is that the plugin does not sanitize and escape certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite d...
CVE-2023-2028
The CVE-2023-2028 issue affects the Call Now Accessibility Button WordPress plugin and is caused by improper sanitization of certain settings. Versions prior to 1.1 allow Stored Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html is disallowed (e.g., in multisite). Public...
PT-2023-22044 · Stpetedesign · Stpetedesign Call Now Accessibility Button
Name of the Vulnerable Software and Affected Versions: StPeteDesign Call Now Accessibility Button plugin versions = 1.1 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin or higher privileges can inject...