75 matches found
CVE-2024-10150
The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2024-10150
CVE-2024-10150 concerns the Bamazoo – Button Generator WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in the dgs shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes, affecting all versions up to and including 1.0. Exploi...
CVE-2024-10150 Bamazoo – Button Generator <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via dgs Shortcode
The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
PT-2024-16065 · WordPress · Bamazoo – Button Generator
Name of the Vulnerable Software and Affected Versions: Bamazoo – Button Generator plugin for WordPress versions up to, and including, 1.0. Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's dgs shortcode. This allows...
WordPress plugin Bamazoo – Button Generator cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Bamazoo – Button Generator plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Bamazoo Button Generator versions <= 1.0...
WordPress Bamazoo Button Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Bamazoo Button Generator; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10150; Patch priority: Low; CVSS severity: Low (6.5); PSID: 296ef2edb58f; Credits: Francesco Carlucci...
WordPress Button Generator plugin < 3.0 - Button Deletion via CSRF vulnerability
Button Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Button Generator – easily Button Builder versions < 3.0...
CVE-2024-3471
The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack...
CVE-2024-3471 Button Generator < 3.0 - Button Deletion via CSRF
The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack...
WordPress Button Generator – easily Button Builder Plugin < 3.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Button Generator – easily Button Builder; Type: Plugin; Vulnerable versions: < 3.0; Fixed in: 3.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-3471; Patch priority: Low; CVSS severity: Low (5.4); PSID: aca54546afa3; Credits: B...
WordPress plugin Button Generator security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...
PT-2024-26124 · WordPress · Button Generator
Name of the Vulnerable Software and Affected Versions: The Button Generator WordPress plugin versions prior to 3.0. Description: The issue is related to the lack of a CSRF check when bulk deleting, which could allow attackers to make a logged-in admin delete buttons via a CSRF attack...
Button Generator < 3.0 - Button Deletion via CSRF
Description: The plugin does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack. Make a logged in admin open an HTML file containing: action...
Button Generator < 3.0 - Button Deletion via CSRF
Description: The plugin does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack. PoC: Make a logged in admin open an HTML file containing: action...
CVE-2023-49155
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder. This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8...
Cross site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder. This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8...
CVE-2023-49155 WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder. This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8...