Call Now Accessibility Button < 1.2 – Admin+ Stored XSS | CVE 2023-28933

Affects Plugins

accessibility-help-button

Fixed in 1.2

References

CVE

CVE-2023-28933

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

Juampa Rodríguez

Verified

No

WPVDB ID

315b9da3-a4c7-4654-9329-6166e8edc33e

Timeline

Publicly Published

2023-06-02 (about 2 years ago)

Added

2023-06-12 (about 2 years ago)

Last Updated

2023-06-12 (about 2 years ago)

Other

Published

Title

Published

2025-03-25

Title

Advanced iFrame < 2025.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Host Header

Published

2025-01-16

Title

Pin Locations on Map <= 1.0 - Reflected Cross-Site Scripting

Published

2023-01-12

Title

Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

Published

2026-01-27

Title

WPBITS Addons For Elementor < 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2019-10-14

Title

WordPress <= 5.2.3 - Stored XSS in Style Tags