CVE-2023-2028
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Summary
CVE-2023-2028 is a vulnerability affecting the Call Now Accessibility Button WordPress plugin before version 1.1. The issue lies in the plugin's failure to properly sanitize certain settings which can lead to Stored Cross-Site Scripting (XSS) attacks. High-privilege users can exploit this vulnerability, bypassing the unfiltered_html capability restriction and injecting malicious scripts, even in multisite configurations. This can result in unauthorized access, data theft, or other malicious activities. Users are advised to update the plugin to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Call Now Accessibility Button