Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:29 a.m.7 views

CVE-2024-5727

The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.7CVSS6.1AI score0.00555EPSS
Exploits2References1
Patchstack
Patchstack
added 2024/07/01 12:0 a.m.9 views

WordPress Widget4Call Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software Widget4Call Type Plugin Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5727 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 957add8ae997 Credits Bob Matyas Required...

4.7CVSS5.6AI score0.00555EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2024/06/28 6:15 a.m.18 views

CVE-2024-5727

The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.7CVSS0.00555EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/06/28 6:0 a.m.15 views

CVE-2024-5727 Widget4Call <= 1.0.7 - Reflected XSS

The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.7AI score0.00555EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/06/28 6:0 a.m.29 views

CVE-2024-5727 Widget4Call <= 1.0.7 - Reflected XSS

The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00555EPSS
Exploits2References1
CVE
CVE
added 2024/06/28 6:0 a.m.56 views

CVE-2024-5727

CVE-2024-5727 affects the Widget4Call WordPress plugin up to v1.0.7, where an input parameter is not properly sanitized/escaped before reflection, enabling a Reflected XSS against high-privilege users. Remediation: upgrade to a version later than 1.0.7 (per Patchstack/PTSecurity guidance).

4.7CVSS4.8AI score0.00555EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder