WordPress plugin Beam me up Scotty – Back to Top Button 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

Cross-site Scripting (XSS)

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of the Title/Body Source/Button Text fields. An attacker can inject malicious scripts by crafting input that escapes the expected data...

Hiro: Logout Bypass Vulnerability in Hiro.so

Summary A logout bypass vulnerability has been identified on platform.hiro.so, allowing users to regain access to their session after logging out simply by pressing the back button on the browser. This issue arises due to improper session invalidation and potential caching misconfigurations. If...

CVE-2025-23632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rhizome Networks CG Button content-glass-button allows Reflected XSS.This issue affects CG Button: from n/a through = 1.0.5.6...

CVE-2025-23632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rhizome Networks CG Button content-glass-button allows Reflected XSS.This issue affects CG Button: from n/a through = 1.0.5.6...

CVE-2025-23632

CVE-2025-23632 affects the WordPress CG Button plugin (Rhizome Networks) up to version 1.0.5.6. It is a Reflected XSS caused by improper input neutralization during web page generation. Exploitation is possible remotely (network access) and requires user interaction. Current connected sources ind...

WordPress plugin CG Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress دکمه، شبکه اجتماعی خرید plugin <= 2.0.6 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by kuteminh11 - VNPT Cyber Immunity in WordPress Plugin دکمه، شبکه اجتماعی خرید versions = 2.0.6...

WordPress CG Button plugin <= 1.0.5.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin CG Button versions = 1.0.5.6...

WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Contact Form 7 Select Box Editor Button versions = 0.6...

CVE-2025-28902

Cross-Site Request Forgery CSRF vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button contact-form-7-select-box-editor-button allows Cross Site Request Forgery.This issue affects Contact Form 7 Select Box Editor Button: from n/a through = 0.6...

CVE-2025-28902 WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button contact-form-7-select-box-editor-button allows Cross Site Request Forgery.This issue affects Contact Form 7 Select Box Editor Button: from n/a through = 0.6...

CVE-2025-28902 WordPress Contact Form 7 Select Box Editor Button plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Benjamin Pick Contact Form 7 Select Box Editor Button contact-form-7-select-box-editor-button allows Cross Site Request Forgery.This issue affects Contact Form 7 Select Box Editor Button: from n/a through = 0.6...

CVE-2025-28902

CVE-2025-28902 is a CSRF vulnerability in the WordPress plugin Contact Form 7 Select Box Editor Button , affecting versions up to 0.6. The connected details confirm a cross-site request forgery flaw in this plugin; no exploitation details or patch/remediation are provided in the sources. The entr...

CVE-2024-13827

The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg and removequeryarg functions without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for...

CVE-2024-13827 Razorpay Subscription Button Elementor Plugin <= 1.0.3 - Reflected Cross-Site Scripting via add_query_arg and remove_query_arg Functions

The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg and removequeryarg functions without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for...

CVE-2024-13827 Razorpay Subscription Button Elementor Plugin <= 1.0.3 - Reflected Cross-Site Scripting via add_query_arg and remove_query_arg Functions

The Razorpay Subscription Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg and removequeryarg functions without appropriate escaping on the URL in all versions up to, and including, 1.0.3. This makes it possible for...

WordPress plugin Razorpay Subscription Button Elementor Plugin 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...

WordPress Razorpay Subscription Button Elementor Plugin plugin <= 1.0.3 - Reflected Cross-Site Scripting via add_query_arg and remove_query_arg Functions vulnerability

Reflected Cross-Site Scripting via addqueryarg and removequeryarg Functions vulnerability discovered by Peter Thaleikis in WordPress Plugin Razorpay Subscription Button Elementor Plugin versions = 1.0.3...

WordPress Download HTML TinyMCE Button plugin <= 1.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Download HTML TinyMCE Button versions = 1.2...