Lucene search
K

84 matches found

RedhatCVE
RedhatCVE
added 2025/05/21 3:14 p.m.10 views

CVE-2025-48252

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget back-button-widget allows Stored XSS.This issue affects Back Button Widget: from n/a through = 1.6.8...

6.5CVSS5.9AI score0.00216EPSS
Exploits0References1
OSV
OSV
added 2025/05/19 3:15 p.m.3 views

CVE-2025-48252

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.8...

5.4CVSS5.8AI score0.00216EPSS
Exploits0References1
NVD
NVD
added 2025/05/19 3:15 p.m.8 views

CVE-2025-48252

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget back-button-widget allows Stored XSS.This issue affects Back Button Widget: from n/a through = 1.6.8...

6.5CVSS0.00216EPSS
Exploits0References1
CVE
CVE
added 2025/05/19 2:44 p.m.28 views

CVE-2025-48252

CVE-2025-48252 corresponds to a stored Cross‑Site Scripting vulnerability in the WPFactory Back Button Widget, affecting versions up to 1.6.8. The issue stems from improper input neutralization during web page generation, enabling stored XSS attacks. Connected sources confirm the vulnerability an...

6.5CVSS5.9AI score0.00216EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/05/19 2:44 p.m.12 views

CVE-2025-48252 WordPress Back Button Widget plugin <= 1.6.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget back-button-widget allows Stored XSS.This issue affects Back Button Widget: from n/a through = 1.6.8...

6.5CVSS0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/19 2:44 p.m.5 views

CVE-2025-48252 WordPress Back Button Widget <= 1.6.8 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget: from n/a through 1.6.8...

6.5CVSS6.4AI score0.00216EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.4 views

WordPress plugin Back Button Widget 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.1AI score0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/19 12:0 a.m.4 views

PT-2025-21964 · Unknown · Back Button Widget

Name of the Vulnerable Software and Affected Versions: Back Button Widget versions 1.6.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can injec...

6.5CVSS6.2AI score0.00216EPSS
Exploits0References5
OSV
OSV
added 2025/04/26 6:15 a.m.5 views

CVE-2025-1458

The Element Pack Addons for Elementor – Free Templates and Widgets for Your WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets like Dual Button, Creative Button, Image Stack and more in all versions up to, and including, 5.10.29 due to...

5.4CVSS7.4AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2024/10/29 2:15 p.m.5 views

CVE-2024-9505

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

5.4CVSS6AI score0.0032EPSS
Exploits0References4
NVD
NVD
added 2024/10/29 2:15 p.m.30 views

CVE-2024-9505

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS0.0032EPSS
Exploits0References4
CVE
CVE
added 2024/10/29 1:53 p.m.62 views

CVE-2024-9505

CVE-2024-9505 affects Beaver Builder – WordPress Page Builder (Plugin). The issue is a stored DOM-based XSS in the Button widget introduced by insufficient input sanitization and output escaping on user-supplied attributes, exploitable by authenticated attackers with contributor-level access and ...

6.4CVSS5.4AI score0.0032EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2024/10/29 5:15 a.m.3 views

WordPress Beaver Builder plugin <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Button Widget vulnerability discovered by zer0gh0st in WordPress Plugin Beaver Builder versions = 2.8.4.2...

6.4CVSS6.1AI score0.0032EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/06/29 7:15 a.m.3 views

CVE-2024-5666

The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.1AI score0.00372EPSS
Exploits0References5
OSV
OSV
added 2024/06/29 7:15 a.m.3 views

CVE-2024-5666

The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00372EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2024/06/07 10:15 a.m.6 views

CVE-2024-5645

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS6.1AI score0.00321EPSS
Exploits0References5
OSV
OSV
added 2024/06/07 10:15 a.m.6 views

CVE-2024-5645

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

5.4CVSS5.9AI score0.00321EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/07 9:33 a.m.23 views

CVE-2024-5645 Envo Extra <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

6.4CVSS0.00321EPSS
Exploits0References4
CVE
CVE
added 2024/06/07 9:33 a.m.51 views

CVE-2024-5645

The CVE-2024-5645 issue affects the Envo Extra WordPress plugin and is a Stored XSS in the Button widget via the button_css_id parameter in all versions up to 1.8.23. An authenticated attacker with Contributor+ rights can inject scripts that execute when pages are viewed. Public advisories indica...

6.4CVSS5.5AI score0.00321EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2024/06/07 2:14 a.m.6 views

WordPress Envo Extra plugin <= 1.8.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Widget vulnerability discovered by wesley wcraft in WordPress Plugin Envo Extra versions = 1.8.23...

6.4CVSS5.8AI score0.00321EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder