The Widget4Call plugin for WordPress has a security issue called Stored Cross-Site Scripting. This affects all versions up to 1.0.7 because it does not properly clean up the information it receives and sends out. This means that hackers without authorization can add harmful codes to pages which will run whenever someone visits the hacked page.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
