2 matches found
CVE-2024-13099
CVE-2024-13099 refers to the WordPress Widget4Call plugin (versions up to 1.0.7) and describes a Reflected XSS caused by insufficient sanitisation/escaping of an input parameter when echoed in the page. The vulnerability can be leveraged against high-privilege users (e.g., admins). Public connect...
CVE-2024-5727
CVE-2024-5727 affects the Widget4Call WordPress plugin up to v1.0.7, where an input parameter is not properly sanitized/escaped before reflection, enabling a Reflected XSS against high-privilege users. Remediation: upgrade to a version later than 1.0.7 (per Patchstack/PTSecurity guidance).