wpvulndb | Juampa Rodríguez | WPVDB-ID:0F1C1F1C-ACDD-4C8A-BD5E-A21F4915E69F
Jun 19, 2023 - 12:00 a.m.

Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting

2023-06-19 00:00:00
Juampa Rodríguez
wpscan.com
152
plugin settings
high-privilege users
stored cross-site scripting
unfiltered_html capability
multisite setup

EPSS: 0.001 (Low)
Percentile: 19.6%

Description

The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

PoC

1. In the plugin’s “Quick Start” field, add the payload: ">
2. Save the changes, submit the request and you will see the XSS exploit.
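The save-and-render pattern that closes this class of settings bug in WordPress, as an added example (not the plugin's code, which this page does not show). The `example_cnab_*` names are hypothetical, and the "vulnerable" function is an assumed illustration of an unescaped settings field.

```php
<?php
// Added example. All example_cnab_* names are hypothetical.

// Save path: register the option with a sanitize callback so the value is
// cleaned on every write, whichever screen or request submits it.
add_action( 'admin_init', function () {
    register_setting( 'example_cnab_group', 'example_cnab_quick_start', array(
        'type'              => 'string',
        'sanitize_callback' => 'example_cnab_sanitize_text',
        'default'           => '',
    ) );
} );

// Plain-text settings: strip tags and control characters for every user.
function example_cnab_sanitize_text( $value ) {
    return is_string( $value ) ? sanitize_text_field( $value ) : '';
}

// Settings meant to hold markup: raw HTML is kept only for users who hold
// unfiltered_html; everyone else (for example site admins on multisite)
// gets the post-content allowlist applied.
function example_cnab_sanitize_markup( $value ) {
    $value = is_string( $value ) ? $value : '';
    return current_user_can( 'unfiltered_html' ) ? $value : wp_kses_post( $value );
}

// Assumed vulnerable pattern: the stored value is written into an attribute
// as-is, so a value beginning with "> ends the attribute and the tag.
function example_cnab_render_field_vulnerable() {
    $value = get_option( 'example_cnab_quick_start', '' );
    echo '<input type="text" name="example_cnab_quick_start" value="' . $value . '">';
}

// Hardened render path: escape for the attribute context at output time,
// even though the value was already sanitized when it was saved.
function example_cnab_render_field() {
    $value = get_option( 'example_cnab_quick_start', '' );
    printf(
        '<input type="text" name="example_cnab_quick_start" value="%s" class="regular-text">',
        esc_attr( $value )
    );
}
```

Escaping on output matters independently of the save-time callback, because values written to the option before the fix, or by another code path, are still stored unsanitized.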

CPE
Name | Operator | Version
accessibility-help-button | eq | 1.1
