41 matches found
EUVD-2022-15755
Malicious code in bioql PyPI...
CVE-2025-3076
The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttontext’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Elementor Website Builder Pro 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Elementor Website Builder Pro plugin that stems from insufficient input cleanup and output escaping of the buttontex...
CVE-2025-48254
CVE-2025-48254 affects the WordPress plugin Change Add to Cart Button Text for WooCommerce. Connected sources confirm an improper input neutralization leading to a stored XSS vulnerability in web page generation, applicable to versions n/a through 2.2.2. Public details list CVSS metrics (several ...
Cross-site Scripting (XSS)
Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of the Title/Body Source/Button Text fields. An attacker can inject malicious scripts by crafting input that escapes the expected data...
CVE-2023-34376
Missing Authorization vulnerability in Sekander Badsha Change WooCommerce Add To Cart Button Text change-woocommerce-add-to-cart-button-text allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Change WooCommerce Add To Cart Button Text: from n/a through = 1....
PT-2024-12476 · WordPress · Change Woocommerce Add To Cart Button Text
Name of the Vulnerable Software and Affected Versions: Change WooCommerce Add To Cart Button Text versions 1.3 and earlier Description: The issue affects the Change WooCommerce Add To Cart Button Text plugin, allowing exploitation of incorrectly configured access control security levels due to a...
CVE-2024-6703
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...
PT-2024-37810 · Fluent Forms · Contact Form Plugin By Fluent Forms
Name of the Vulnerable Software and Affected Versions: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.19 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...
Shoplazza LifeStyle 跨站脚本漏洞
Shoplazza LifeStyle is an e-commerce website by Shoplazza, Inc. A security vulnerability exists in Shoplazza LifeStyle version 1.1, which stems from cross-site scripting due to incorrect manipulation of the parameters Subheading/Heading/Text/Button Text/Label...
CVE-2022-0663
The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0663
The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24883
The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2021-24569
The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfilteredhtml capability...
CVE-2021-24596
The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users editors and admins to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users editors and admins to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver
✍️ Description XSS payload is triggered during editing and saving text included near the payment button. 🕵️♂️ Proof of Concept " In the app, settings try editing already included product. drop the payload in the Buy Button Text and save it hence the payload will be triggered. 💥 Impact Execution of...
Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS
Multiple stored cross-site scripting vulnerabilities in Constant Contact Forms for WordPress 1.8.7 and lower allow high-privileged user Editor+ to inject arbitrary Javascript code or HTML in posts where the malicious form is embed. High-privileged user Editor+ can exploit XSS via Add New Form's...
Sell Photo <= 1.0.5 - Authenticated Stored Cross-Site Scripting
The Button Text/Image field in Settings page of Sell Photos Plugin was found to be vulnerable to stored XSS, as they did not sanitize user given input properly. It is triggered when a users loads a page where the plugin is used, and when an admin opens settings page of the plugin. PoC The PoC wil...
Easy Media Download < 1.1.5 - Authenticated Stored Cross-Site Scripting
The ‘Button Text’ field in used while posting a file download was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the post. It is triggered when a users loads a page where the plugin shortcode is used. All WordPress websites using Easy...