78 matches found
WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settings Change Vulnerability
Settings Change Vulnerability discovered by ch4r0n in WordPress Plugin Experto CTA Widget Call To Action, Sticky CTA, Floating Button Plugin versions = 1.1.1...
Malicious code in cta-agency-backoffice (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0472dffddfb9f6d71d71f709629ce438cff8b37d7ad2786724bb2bc5dd4aa81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2249 Malicious code in cta-agency-backoffice (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0472dffddfb9f6d71d71f709629ce438cff8b37d7ad2786724bb2bc5dd4aa81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-46644
Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8...
CVE-2023-46644 WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8...
CVE-2023-46644 WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8...
WordPress plugin WordPress CTA 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
EMC CTA 10.0 Unauthenticated XXE Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read', 'Description' = %q EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that...
MAL-2024-2035 Malicious code in cta-onboard-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b526b19f50a6fcc3db7db99ebbc2d26c502b21b0563251b2aa688026f0b916f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in cta-onboard-express (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b526b19f50a6fcc3db7db99ebbc2d26c502b21b0563251b2aa688026f0b916f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-51532
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder...
CVE-2023-51532 WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder...
CVE-2023-51532
CVE-2023-51532 affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. Connected sources confirm a Stored Cross-Site Scripting due to Improper Neutralization of Input During Web Page Generation, affecting Icegram Engage up to version 3.1.19. Impact ...
CVE-2023-52119
Cross-Site Request Forgery CSRF vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18...
CVE-2023-52119
Technical details about CVE-2023-52119, including affected versions, exploit vector, and patch status, are not provided in the supplied documents. Monitor for updates from upstream advisories; current sources only confirm a CSRF vulnerability in Icegram Engage up to v3.1.18.
CVE-2023-49148
Cross-Site Request Forgery CSRF vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5...
WordPress CTA <= 1.5.8 - Missing Authorization via Multiple AJAX Actions
Description The WordPress CTA plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX actions in versions up to, and including, 1.5.8. This makes it possible for unauthenticated attackers to perform unauthorized actions, such as...
WordPress WordPress CTA Plugin <= 1.5.8 is vulnerable to Broken Access Control
Software WordPress CTA Type Plugin Vulnerable versions = 1.5.8 Fixed in 1.5.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46644 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 45791c76e335 Credits Abdi Pranata Required...
CVE-2023-20826
In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550...