84 matches found
CVE-2025-48252
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget back-button-widget allows Stored XSS.This issue affects Back Button Widget: from n/a through = 1.6.8...
CVE-2025-48252
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.8...
CVE-2025-48252
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget back-button-widget allows Stored XSS.This issue affects Back Button Widget: from n/a through = 1.6.8...
CVE-2025-48252
CVE-2025-48252 corresponds to a stored Cross‑Site Scripting vulnerability in the WPFactory Back Button Widget, affecting versions up to 1.6.8. The issue stems from improper input neutralization during web page generation, enabling stored XSS attacks. Connected sources confirm the vulnerability an...
CVE-2025-48252 WordPress Back Button Widget plugin <= 1.6.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget back-button-widget allows Stored XSS.This issue affects Back Button Widget: from n/a through = 1.6.8...
CVE-2025-48252 WordPress Back Button Widget <= 1.6.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.8...
WordPress plugin Back Button Widget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-21964 · Unknown · Back Button Widget
Name of the Vulnerable Software and Affected Versions: Back Button Widget versions 1.6.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can injec...
CVE-2025-1458
The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to...
CVE-2024-9505
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-9505
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
CVE-2024-9505
CVE-2024-9505 affects Beaver Builder – WordPress Page Builder (Plugin). The issue is a stored DOM-based XSS in the Button widget introduced by insufficient input sanitization and output escaping on user-supplied attributes, exploitable by authenticated attackers with contributor-level access and ...
WordPress Beaver Builder plugin <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Button Widget vulnerability discovered by zer0gh0st in WordPress Plugin Beaver Builder versions = 2.8.4.2...
CVE-2024-5666
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-5666
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-5645
The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2024-5645
The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2024-5645 Envo Extra <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2024-5645
The CVE-2024-5645 issue affects the Envo Extra WordPress plugin and is a Stored XSS in the Button widget via the button_css_id parameter in all versions up to 1.8.23. An authenticated attacker with Contributor+ rights can inject scripts that execute when pages are viewed. Public advisories indica...
WordPress Envo Extra plugin <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by wesley wcraft in WordPress Plugin Envo Extra versions = 1.8.23...