6 matches found
CVE-2024-5727
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Widget4Call Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software Widget4Call Type Plugin Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5727 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 957add8ae997 Credits Bob Matyas Required...
CVE-2024-5727
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5727 Widget4Call <= 1.0.7 - Reflected XSS
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5727 Widget4Call <= 1.0.7 - Reflected XSS
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5727
CVE-2024-5727 affects the Widget4Call WordPress plugin up to v1.0.7, where an input parameter is not properly sanitized/escaped before reflection, enabling a Reflected XSS against high-privilege users. Remediation: upgrade to a version later than 1.0.7 (per Patchstack/PTSecurity guidance).