CVE-2024-2220

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

EUVD-2024-44845

Malicious code in bioql PyPI...

EUVD-2024-40236

Malicious code in bioql PyPI...

CVE-2024-43347

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.3...

CVE-2024-50414

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Buttonizer Button contact VR button-contact-vr allows Stored XSS.This issue affects Button contact VR: from n/a through = 4.7.9.1...

CVE-2024-50414

CVE-2024-50414 affects the WordPress Button contact VR plugin (versions

CVE-2024-50414 WordPress Button contact VR plugin <= 4.7.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Buttonizer Button contact VR button-contact-vr allows Stored XSS.This issue affects Button contact VR: from n/a through = 4.7.9.1...

CVE-2024-50414 WordPress Button contact VR plugin <= 4.7.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Buttonizer Button contact VR button-contact-vr allows Stored XSS.This issue affects Button contact VR: from n/a through = 4.7.9.1...

PT-2024-34188 · Unknown · Button Contact Vr

Name of the Vulnerable Software and Affected Versions: Button contact VR versions n/a through 4.7.9.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...

WordPress plugin Button contact VR 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

WordPress Button contact VR Plugin <= 4.7.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Button contact VR Type Plugin Vulnerable versions = 4.7.9.1 Fixed in 4.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50414 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8a3582798f30 Credits UKO Required privilege...

CVE-2024-43347 WordPress Button contact VR plugin <= 4.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.3...

CVE-2024-43347 WordPress Button contact VR plugin <= 4.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.3...

WordPress plugin Button contact VR 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

WordPress Button contact VR plugin <= 4.7.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Button contact VR versions = 4.7.7...

WordPress Button contact VR Plugin <= 4.7.7 is vulnerable to Cross Site Scripting (XSS)

Software Button contact VR Type Plugin Vulnerable versions = 4.7.7 Fixed in 4.7.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43347 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6b921209fd5e Credits Cronus Required privilege...

WordPress Button contact VR plugin < 4.7.7 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Button contact VR versions 4.7.7...

CVE-2024-2220 Button contact VR <= 4.7 - Admin+ Stored XSS

The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2024-19269 · WordPress · Button Contact Vr Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Button contact VR WordPress plugin versions through 4.7 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised...

WordPress Button contact VR Plugin < 4.7.7 is vulnerable to Cross Site Scripting (XSS)

Software Button contact VR Type Plugin Vulnerable versions 4.7.7 Fixed in 4.7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2220 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2f62fd31490e Credits Dmitrii Ignatyev Require...