CVE-2025-24713

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Button Generator – easily Button Builder button-generation allows Cross Site Request Forgery.This issue affects Button Generator – easily Button Builder: from n/a through = 3.1.1...

CVE-2025-22558

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through = 1.6.4...

CVE-2025-22574

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cleanshooter ICS Button ics-button allows Stored XSS.This issue affects ICS Button: from n/a through = 0.6...

CVE-2024-10014

The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level...

CVE-2024-52489

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in udidol Add Chat App Button add-whatsapp-button allows Stored XSS.This issue affects Add Chat App Button: from n/a through = 2.1.5...

CVE-2024-43236

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Scott Paterson Easy PayPal Buy Now Button.This issue affects Easy PayPal Buy Now Button: from n/a through 1.9...

CVE-2024-43347

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in VirusTran Button contact VR allows Stored XSS.This issue affects Button contact VR: from n/a through 4.7.3...

CVE-2024-2908

The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-32722

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Coupon & Discount Code Reveal Button allows Stored XSS.This issue affects Coupon & Discount Code Reveal Button: from n/a through 1.2.5...

CVE-2024-1719

The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the...

CVE-2024-3471

The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack...

CVE-2024-3925

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 5.6.11 due to insufficient input sanitization a...

CVE-2024-3888

The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-5199

The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-3598

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-4485

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncustomattributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...

CVE-2024-29209

A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...

CVE-2024-29210

A local privilege escalation LPE vulnerability has been identified in Phish Alert Button for Outlook PAB, specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...

CVE-2024-4702

The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...

CVE-2024-5628

The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusionbutton shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...