22 matches found
Widget4Call WordPress - Cross-Site Scripting
Widget4Call WordPress plugin = 1.0.7 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13099 info: name:...
WordPress Widget4call plugin <= 1.0.7 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Widget4Call versions = 1.0.7...
EUVD-2024-51340
Malicious code in bioql PyPI...
CVE-2024-5727
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13099
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13099
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13099
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13099 Widget4call <= 1.0.7 - Reflected XSS
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13099 Widget4call <= 1.0.7 - Reflected XSS
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin Widget4Call 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2025-1998
Name of the Vulnerable Software and Affected Versions Widget4Call WordPress plugin versions 1.0.0 through 1.0.7 Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page...
WordPress Widget4Call plugin <= 1.0.7 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Widget4Call versions = 1.0.7...
WordPress Widget4Call Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)
Software Widget4Call Type Plugin Vulnerable versions = 1.0.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5727 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 957add8ae997 Credits Bob Matyas Required...
CVE-2024-5727
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5727
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5727 Widget4Call <= 1.0.7 - Reflected XSS
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5727 Widget4Call <= 1.0.7 - Reflected XSS
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5727
CVE-2024-5727 affects the Widget4Call WordPress plugin up to v1.0.7, where an input parameter is not properly sanitized/escaped before reflection, enabling a Reflected XSS against high-privilege users. Remediation: upgrade to a version later than 1.0.7 (per Patchstack/PTSecurity guidance).
WordPress plugin Widget4Call security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...
PT-2024-37103 · WordPress · Widget4Call
Name of the Vulnerable Software and Affected Versions: Widget4Call WordPress plugin versions 1.0.0 through 1.0.7 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the...