Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-32553

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:50 a.m.7 views

CVE-2023-28933

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in StPeteDesign Call Now Accessibility Button plugin = 1.1 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:28 a.m.6 views

CVE-2023-2635

The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00451EPSS
Exploits2References1
NVD
NVD
added 2023/07/10 4:15 p.m.21 views

CVE-2023-2028

The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.8AI score0.00423EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/07/10 12:41 p.m.12 views

CVE-2023-2635 Call Now Accessibility Button < 1.1 - Admin+ Stored XSS

The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.6AI score0.00451EPSS
Exploits2References1
CVE
CVE
added 2023/07/10 12:41 p.m.40 views

CVE-2023-2635

CVE-2023-2635 concerns the WordPress plugin Call Now Accessibility Button (versions prior to 1.1). The issue is that the plugin does not sanitize and escape certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite d...

4.8CVSS4.7AI score0.00451EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/07/10 12:40 p.m.46 views

CVE-2023-2028

The CVE-2023-2028 issue affects the Call Now Accessibility Button WordPress plugin and is caused by improper sanitization of certain settings. Versions prior to 1.1 allow Stored Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html is disallowed (e.g., in multisite). Public...

4.8CVSS4.8AI score0.00423EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder