Description
WordPress Plugin Inline Call To Action Builder Lite-Free Call To Action Layer for WordPress [only if downloaded via the vendor website] contains suspicious code. Attackers can exploit this issue to perform a variety of actions. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin Inline Call To Action Builder Lite-Free Call To Action Layer for WordPress version 1.1.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.1.1 or latest
References
Related Vulnerabilities
Envoy Proxy Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-39162)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4393)
WordPress Plugin WordPress+Microsoft Office 365/Azure AD-LOGIN Cross-Site Scripting (15.3)
Apache HTTP Server Improper Locking Vulnerability (CVE-2009-2699)
WordPress Plugin Calculated Fields Form Cross-Site Scripting (1.0.81)