PT-2023-20618 · WordPress · Call Now Accessibility Button

Taliya Bilal

Publicado

2023-07-10

Atualizado

2023-07-17

CVE-2023-2635

CVSS v3.1

4.8

Média

Vetor

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Call Now Accessibility Button WordPress plugin versions prior to 1.1

Description The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup.

Recommendations For Call Now Accessibility Button WordPress plugin versions prior to 1.1, update to version 1.1 or later to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-2635

Produtos afetados

Call Now Accessibility Button

PT-2023-20618 · WordPress · Call Now Accessibility Button

CVE-2023-2635

Identificadores relacionados

Produtos afetados

Referências · 3