2674 matches found
CVE-2024-1118
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-1872
The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the buttonshortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...
CVE-2024-54399
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button crudlab-google-plus allows Stored XSS. This issue affects CRUDLab Google Plus Button: from n/a through <= 1.0.2...
CVE-2024-33928
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon allows Reflected XSS. This issue affects CodeBard's Patron Button and Widgets for Patreon: from n/a through 2.2.0...
CVE-2024-44064
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LikeBtn Like Button Rating likebtn-like-button. This issue affects Like Button Rating: from n/a through <= 2.6.53...
CVE-2024-53723
Cross-Site Request Forgery (CSRF) vulnerability in acbaltaci Google Plus Share and +1 Button google-plus-share-and-plusone-button allows Stored XSS. This issue affects Google Plus Share and +1 Button: from n/a through <= 1.0...
WordPress On Page SEO + Social Live Chat (Formerly OPS) plugin <= 2.0.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin On Page SEO + Whatsapp Chat Button versions <= 2.0.0...
CVE-2024-13612
The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bettermessageslivechatbutton' shortcode in all versions up to, and including, 2.6.9 due to insufficient input...
WordPress plugin Better Messages cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-1883 · WordPress · Clinked Client Portal
Name of the Vulnerable Software and Affected Versions: Clinked Client Portal plugin for WordPress versions up to, and including, 1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode due to insufficient input sanitization and output...
WordPress plugin Clinked Client Portal cross-site scripting vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...
Cross-site Scripting (XSS)
YesWiki is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation in the attach component, where a non-existing resource in the file attribute generates a file upload button, allowing authenticated users with edit or comment permissions to inject malicious scripts...
CVE-2024-13548
The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13548 Power Ups for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-24738
Cross-Site Request Forgery (CSRF) vulnerability in Jerry Rietveld Call Now Button call-now-button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through <= 1.4.13...
CVE-2025-24713
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder button-generation allows Cross Site Request Forgery. This issue affects Button Generator – easily Button Builder: from n/a through <= 3.1.1...
CVE-2025-24738
CVE-2025-24738 is a CSRF vulnerability in the WordPress Call Now Button plugin (versions
CVE-2025-24738 WordPress Call Now Button plugin <= 1.4.13 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Jerry Rietveld Call Now Button call-now-button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through <= 1.4.13...
CVE-2025-24713 WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder button-generation allows Cross Site Request Forgery. This issue affects Button Generator – easily Button Builder: from n/a through <= 3.1.1...
CVE-2025-24713
CVE-2025-24713 is a CSRF vulnerability in the WordPress plugin “Button Generator – easily Button Builder” (Wow-Company Button Generator). Public details indicate the issue affects versions up to 3.1.1 (vulnerability range: n/a through 3.1.1) and is classified as Cross-Site Request Forgery. The CV...