cleantalk
Vulnerabilities and Security Researches

Widget4Call, CVE-2024-13099

CVE, Research URL

CVE-2024-13099

Home page URL

Security reports for Widget4Call

Application

Widget4Call

Published on
Feb 01, 2025
Research Description
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions
Min -, max 1.0.7.
Status
vulnerable
Previous vulnerability researches
Widget4Call (CVE-2024-5727) , Jun 17, 2024
Widget4Call (CVE-2024-13099) , Feb 04, 2025
New vulnerability
The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis (CVE-2025-52836) , Jul 15, 2025
Strong Testimonials (CVE-2025-7367) , Jul 15, 2025
Companion Auto Update (CVE-2025-4369) , Jul 15, 2025
Restrict File Access (CVE-2025-7667) , Jul 15, 2025
Product XML Feed Manager for WooCommerce – Google Shopping, Social Sites, Skroutz & More (CVE-2025-30959) , Jul 15, 2025