CVE-2023-24401

Name of the Vulnerable Software and Affected Versions Davidsword Mobile Call Now & Map Buttons plugin versions 1.5.0 and earlier

Description The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the Davidsword Mobile Call Now & Map Buttons plugin.

Recommendations For versions 1.5.0 and earlier, update to a version later than 1.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's administrative interface to minimize the risk of exploitation.