Lucene search
High-Tech BridgePATCHSTACK:219A7316EAF8620CA34094C8550A615DHistorySep 25, 2014 - 12:00 a.m.
WordPress MaxButtons Plugin <= 1.26.0 - XSS
2014-09-2500:00:00
High-Tech Bridge
patchstack.com
6
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the “id” parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page.
Solution
Update the plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| maxbuttons | le | 1.26.0 |
Related
securityvulns
securityvulns
htbridge
htbridge
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin
2014-09-24 00:00:00
prion
prion
Cross site scripting
2014-10-16 19:55:00
wpvulndb
wpvulndb
MaxButtons 1.26.0 - Cross Site Scripting (XSS)
2014-10-15 19:34:21
packetstorm
packetstorm
WordPress MaxButtons 1.26.0 Cross Site Scripting
2014-10-15 00:00:00
zdt
zdt
WordPress MaxButtons 1.26.0 Cross Site Scripting Vulnerability
2014-10-16 00:00:00
cve
cve
CVE-2014-7181
2014-10-16 19:55:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related for PATCHSTACK:219A7316EAF8620CA34094C8550A615D