Lucene search
K

41 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-15755

Malicious code in bioql PyPI...

4.8CVSS5.1AI score0.00565EPSS
Exploits2References1
OSV
OSV
added 2025/06/10 5:15 a.m.2 views

CVE-2025-3076

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttontext’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00169EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.7 views

WordPress plugin Elementor Website Builder Pro 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Elementor Website Builder Pro plugin that stems from insufficient input cleanup and output escaping of the buttontex...

6.4CVSS5.8AI score0.00169EPSS
Exploits0References2
CVE
CVE
added 2025/05/19 2:44 p.m.27 views

CVE-2025-48254

CVE-2025-48254 affects the WordPress plugin Change Add to Cart Button Text for WooCommerce. Connected sources confirm an improper input neutralization leading to a stored XSS vulnerability in web page generation, applicable to versions n/a through 2.2.2. Public details list CVSS metrics (several ...

6.5CVSS5.9AI score0.00216EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2025/03/31 1:40 a.m.2 views

Cross-site Scripting (XSS)

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of the Title/Body Source/Button Text fields. An attacker can inject malicious scripts by crafting input that escapes the expected data...

5.1CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/12/13 3:15 p.m.4 views

CVE-2023-34376

Missing Authorization vulnerability in Sekander Badsha Change WooCommerce Add To Cart Button Text change-woocommerce-add-to-cart-button-text allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Change WooCommerce Add To Cart Button Text: from n/a through = 1....

5.4CVSS5.8AI score0.00522EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.3 views

PT-2024-12476 · WordPress · Change Woocommerce Add To Cart Button Text

Name of the Vulnerable Software and Affected Versions: Change WooCommerce Add To Cart Button Text versions 1.3 and earlier Description: The issue affects the Change WooCommerce Add To Cart Button Text plugin, allowing exploitation of incorrectly configured access control security levels due to a...

5.4CVSS9.6AI score0.00522EPSS
Exploits0References9
OSV
OSV
added 2024/07/27 1:15 p.m.5 views

CVE-2024-6703

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...

5.4CVSS5.9AI score0.00322EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/27 12:0 a.m.6 views

PT-2024-37810 · Fluent Forms · Contact Form Plugin By Fluent Forms

Name of the Vulnerable Software and Affected Versions: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.19 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...

5.4CVSS6AI score0.00322EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/12/18 12:0 a.m.5 views

Shoplazza LifeStyle 跨站脚本漏洞

Shoplazza LifeStyle is an e-commerce website by Shoplazza, Inc. A security vulnerability exists in Shoplazza LifeStyle version 1.1, which stems from cross-site scripting due to incorrect manipulation of the parameters Subheading/Heading/Text/Button Text/Label...

5.4CVSS5.3AI score0.00503EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/06/20 11:15 a.m.8 views

CVE-2022-0663

The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.00565EPSS
Exploits2References2
OSV
OSV
added 2022/06/20 11:15 a.m.3 views

CVE-2022-0663

The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00565EPSS
Exploits2References1
OSV
OSV
added 2021/11/29 9:15 a.m.3 views

CVE-2021-24883

The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00778EPSS
Exploits0References3
OSV
OSV
added 2021/09/27 4:15 p.m.1 views

CVE-2021-24569

The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfilteredhtml capability...

4.8CVSS5.8AI score0.00598EPSS
Exploits2References1
OSV
OSV
added 2021/09/20 10:15 a.m.3 views

CVE-2021-24596

The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users editors and admins to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.02666EPSS
Exploits1References1
Prion
Prion
added 2021/09/20 10:15 a.m.15 views

Cross site scripting

The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users editors and admins to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.9AI score0.02666EPSS
Exploits1References1Affected Software1
Huntr
Huntr
added 2021/09/06 1:20 p.m.13 views

Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver

✍️ Description XSS payload is triggered during editing and saving text included near the payment button. 🕵️‍♂️ Proof of Concept " In the app, settings try editing already included product. drop the payload in the Buy Button Text and save it hence the payload will be triggered. 💥 Impact Execution of...

4.3CVSS0.3AI score0.0077EPSS
Exploits1
wpexploit
wpexploit
added 2020/09/06 12:0 a.m.539 views

Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS

Multiple stored cross-site scripting vulnerabilities in Constant Contact Forms for WordPress 1.8.7 and lower allow high-privileged user Editor+ to inject arbitrary Javascript code or HTML in posts where the malicious form is embed. High-privileged user Editor+ can exploit XSS via Add New Form's...

5.3AI score0.00654EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2020/08/17 12:0 a.m.7 views

Sell Photo <= 1.0.5 - Authenticated Stored Cross-Site Scripting

The Button Text/Image field in Settings page of Sell Photos Plugin was found to be vulnerable to stored XSS, as they did not sanitize user given input properly. It is triggered when a users loads a page where the plugin is used, and when an admin opens settings page of the plugin. PoC The PoC wil...

1.9AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/08/17 12:0 a.m.10 views

Easy Media Download < 1.1.5 - Authenticated Stored Cross-Site Scripting

The ‘Button Text’ field in used while posting a file download was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the post. It is triggered when a users loads a page where the plugin shortcode is used. All WordPress websites using Easy...

0.2AI score
Exploits0References2Affected Software1
Rows per page
Query Builder