2 matches found
CVE-2015-8350
CVE-2015-8350 covers two XSS vulnerabilities in the WordPress plugin Calls to Action prior to 2.5.1. The flaws arise from unsanitized input in two GET parameters: open-tab (wp_cta_global_settings action, used in wp-admin/edit.php) and wp-cta-variation-id (in ab-testing-call-to-action-example/). T...
WordPress Calls to Action Plugin <= 2.2.7 - Stored XSS
Unauthenticated users can update the content of any specific form on the site by the AJAX action "inboundformsave". Solution Update the plugin...