21 matches found
WordPress Buttons Shortcode and Widget plugin <= 1.16 - Stored XSS via shortcode vulnerability
Stored XSS via shortcode vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Buttons Shortcode and Widget versions = 1.16...
WordPress PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin <= 1.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode versions = 1.7...
EUVD-2024-22293
Malicious code in bioql PyPI...
CVE-2025-9849 Html Social share buttons <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zmshbtn' shortcode in all versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-3065
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-24930
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16...
CVE-2024-8363
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Share This Image plugin <= 2.02 - Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via STI Buttons Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Share This Image versions = 2.02...
WordPress plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin PayPal Pay Now, Buy Now, Donation...
CVE-2024-0711
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2024-0711
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2024-0711 Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
WordPress Plugin Buttons Shortcode and Widget Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-15772 · WordPress · The Buttons Shortcode/Widget
Name of the Vulnerable Software and Affected Versions: The Buttons Shortcode and Widget WordPress plugin versions 1.16 and earlier Description: The issue concerns the lack of validation and escaping of some shortcode attributes in the plugin, which could allow users with the contributor role and...
CVE-2024-24930
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16...
CVE-2024-24930 WordPress Buttons Shortcode and Widget Plugin <= 1.16 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16...
CVE-2024-24930
CVE-2024-24930 is a stored XSS in the WordPress Buttons Shortcode and Widget plugin (
CVE-2024-24930 WordPress Buttons Shortcode and Widget Plugin <= 1.16 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16...
WordPress Plugin Buttons Shortcode and Widget Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...