4 matches found
CVE-2015-8350
Multiple cross-site scripting XSS vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 open-tab parameter in a wpctaglobalsettings action to wp-admin/edit.php or 2 wp-cta-variation-id parameter to...
CVE-2015-8350
CVE-2015-8350 covers two XSS vulnerabilities in the WordPress plugin Calls to Action prior to 2.5.1. The flaws arise from unsanitized input in two GET parameters: open-tab (wp_cta_global_settings action, used in wp-admin/edit.php) and wp-cta-variation-id (in ab-testing-call-to-action-example/). T...
WordPress Calls To Action 2.4.3 Cross Site Scripting Vulnerability
WordPress Calls to Action plugin version 2.4.3 suffers from a cross site scripting vulnerability. Product: Calls to Action WordPress plugin Vendor: InboundNow Vulnerable Versions: 2.4.3 and probably prior Tested Version: 2.4.3 Advisory Publication: October 7, 2015 without technical details Vendor...
WordPress Calls To Action 2.4.3 Cross Site Scripting
Advisory ID: HTB23274 Product: Calls to Action WordPress plugin Vendor: InboundNow Vulnerable Versions: 2.4.3 and probably prior Tested Version: 2.4.3 Advisory Publication: October 7, 2015 without technical details Vendor Notification: October 7, 2015 Vendor Patch: October 27, 2015 Public...