Lucene search
Dikshita Trivedi (Cybersecdexter)WPEX-ID:58C9E088-ED74-461A-B305-E217679F26C1HistoryApr 05, 2024 - 12:00 a.m.
Call Now Button < 1.4.7 - Admin+ Stored XSS
2024-04-0500:00:00
Dikshita Trivedi (Cybersecdexter)
53
stored xss admin+ poc update exploit
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
1. Navigate to All Buttons, and add a button.
2. Select "Button action" as Link and insert the following payload: javascript:alert(document.cookie);
3. Set the Open link in the "Current window".
4. Visit the website and click on the button.
5. The alert will trigger.Related
vulnrichment
vulnrichment
CVE-2024-2908 Call Now Button < 1.4.7 - Admin+ Stored XSS
2024-04-26 05:00:03
cvelist
cvelist
CVE-2024-2908 Call Now Button < 1.4.7 - Admin+ Stored XSS
2024-04-26 05:00:03
nvd
nvd
CVE-2024-2908
2024-04-26 05:15:50
cve
cve
CVE-2024-2908
2024-04-26 05:15:50
wpvulndb
wpvulndb
Call Now Button < 1.4.7 - Admin+ Stored XSS
2024-04-05 00:00:00
wordfence
wordfence
AI Score
5.7
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPEX-ID:58C9E088-ED74-461A-B305-E217679F26C1