Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Call Now Accessibility Button 1.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: June 2, 2023

The Call Now Accessibility Button plugin for WordPress is vulnerable to a type of cyber attack called Stored Cross-Site Scripting. This security issue affects versions of the plugin up to and including version 1.1 because the plugin does not properly protect against malicious inputs. If an attacker has administrator-level access to a WordPress site, they can inject web scripts into pages which will run when any user visits the injected page. This vulnerability only affects multi-site installations and installations where a feature called unfiltered_html has been disabled.

Detected in:

Call Now Accessibility Button fixed vulnerable versions: >= * <= 1.1

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.