Apidaze Widget4Call vulnerabilities
2 known vulnerabilities affecting apidaze/widget4call.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
MEDIUM: 2
Vulnerabilities
CVE-2024-13099 | P4 | MEDIUM | CVSS 5.4 | PoC | ≤ 1.0.7 | 2025-02-01 | CWE-79
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
nvd
CVE-2024-5727 | P4 | MEDIUM | CVSS 4.7 | ≤ 1.0.7 | 2024-06-28 | CWE-79
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
nvd