The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
Cvelist | CVE-2023-7029 | 5 Feb 202421:22 | – | cvelist |
Patchstack | WordPress MaxButtons Plugin <= 9.7.6 is vulnerable to Cross Site Scripting (XSS) | 24 Jan 202400:00 | – | patchstack |
Prion | Cross site scripting | 5 Feb 202422:15 | – | prion |
Vulnrichment | CVE-2023-7029 | 5 Feb 202421:22 | – | vulnrichment |
WPVulnDB | WordPress Button Plugin MaxButtons < 9.7.7 - Contributor+ Stored XSS | 24 Jan 202400:00 | – | wpvulndb |
CVE | CVE-2023-7029 | 5 Feb 202422:15 | – | cve |
Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (January 22, 2024 to January 28, 2024) | 1 Feb 202415:49 | – | wordfence |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo