Vulnerabilities and security researches formobile-contact-bar mobile-contact-bar

May 17, 2025

CVE, Research URL: CVE-2024-12739
Home page URL: Security reports for Mobile Contact Bar
Application: Mobile Contact Bar
Date: May 16, 2025
Research Description: The Mobile Contact Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable