Lucene search
K

78 matches found

Patchstack
Patchstack
added 2025/05/15 5:17 p.m.6 views

WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settings Change Vulnerability

Settings Change Vulnerability discovered by ch4r0n in WordPress Plugin Experto CTA Widget Call To Action, Sticky CTA, Floating Button Plugin versions = 1.1.1...

6.5CVSS8.2AI score0.00299EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/11 9:46 p.m.6 views

Malicious code in cta-agency-backoffice (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0472dffddfb9f6d71d71f709629ce438cff8b37d7ad2786724bb2bc5dd4aa81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/03/11 9:46 p.m.3 views

MAL-2025-2249 Malicious code in cta-agency-backoffice (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b0472dffddfb9f6d71d71f709629ce438cff8b37d7ad2786724bb2bc5dd4aa81 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
NVD
NVD
added 2025/01/02 12:15 p.m.9 views

CVE-2023-46644

Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8...

6.5CVSS0.00391EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/02 12:0 p.m.16 views

CVE-2023-46644 WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8...

6.5CVSS0.00391EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/02 12:0 p.m.7 views

CVE-2023-46644 WordPress WordPress CTA plugin <= 1.5.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8...

6.5CVSS8.5AI score0.00391EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/02 12:0 a.m.6 views

WordPress plugin WordPress CTA 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.5CVSS8.7AI score0.00391EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.153 views

EMC CTA 10.0 Unauthenticated XXE Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read', 'Description' = %q EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that...

7.8CVSS7AI score0.53342EPSS
Exploits2
OSV
OSV
added 2024/06/25 12:34 p.m.5 views

MAL-2024-2035 Malicious code in cta-onboard-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b526b19f50a6fcc3db7db99ebbc2d26c502b21b0563251b2aa688026f0b916f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 12:34 p.m.4 views

Malicious code in cta-onboard-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1b526b19f50a6fcc3db7db99ebbc2d26c502b21b0563251b2aa688026f0b916f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
NVD
NVD
added 2024/02/01 11:15 a.m.32 views

CVE-2023-51532

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder...

6.5CVSS6.5AI score0.0031EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/01 11:0 a.m.17 views

CVE-2023-51532 WordPress Icegram Plugin <= 3.1.19 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder...

6.5CVSS6.7AI score0.0031EPSS
Exploits0References1
CVE
CVE
added 2024/02/01 11:0 a.m.98 views

CVE-2023-51532

CVE-2023-51532 affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. Connected sources confirm a Stored Cross-Site Scripting due to Improper Neutralization of Input During Web Page Generation, affecting Icegram Engage up to version 3.1.19. Impact ...

6.5CVSS6.7AI score0.0031EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/01/05 10:15 a.m.34 views

CVE-2023-52119

Cross-Site Request Forgery CSRF vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18...

8.8CVSS5.7AI score0.00223EPSS
Exploits0References1
CVE
CVE
added 2024/01/05 9:28 a.m.85 views

CVE-2023-52119

Technical details about CVE-2023-52119, including affected versions, exploit vector, and patch status, are not provided in the supplied documents. Monitor for updates from upstream advisories; current sources only confirm a CSRF vulnerability in Icegram Engage up to v3.1.18.

8.8CVSS8.5AI score0.00223EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/12/18 10:15 p.m.25 views

CVE-2023-49148

Cross-Site Request Forgery CSRF vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5...

8.8CVSS0.0028EPSS
Exploits0References1
Prion
Prion
added 2023/12/18 10:15 p.m.14 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Kulwant Nagi Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates.This issue affects Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates: from n/a through 3.0.5...

6.8CVSS7.2AI score0.0028EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.16 views

WordPress CTA <= 1.5.8 - Missing Authorization via Multiple AJAX Actions

Description The WordPress CTA plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX actions in versions up to, and including, 1.5.8. This makes it possible for unauthenticated attackers to perform unauthorized actions, such as...

7AI score0.00391EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/10/25 12:0 a.m.12 views

WordPress WordPress CTA Plugin <= 1.5.8 is vulnerable to Broken Access Control

Software WordPress CTA Type Plugin Vulnerable versions = 1.5.8 Fixed in 1.5.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-46644 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 45791c76e335 Credits Abdi Pranata Required...

6.5AI score0.00391EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/09/04 3:15 a.m.24 views

CVE-2023-20826

In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550...

5.5CVSS5.2AI score0.00078EPSS
Exploits0References1
Rows per page
Query Builder