WordPress CSS3 Buttons plugin <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Gilang - DJ in WordPress Plugin CSS3 Buttons versions = 0.1...

WordPress plugin CSS3 Buttons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

EUVD-2017-9669

Malware in sbrugna...

EUVD-2025-19194

Malicious code in bioql PyPI...

EUVD-2024-27281

Malicious code in bioql PyPI...

EUVD-2024-16493

Malicious code in bioql PyPI...

CVE-2025-60154

CVE-2025-60154 affects MWW Disclaimer Buttons (WordPress plugin) up to version 3.41. A stored cross-site scripting vulnerability arises from improper input neutralization during web page generation, enabling attacker-supplied input to be stored and served to users. Base CVSS v3.1 score 5.9 (MEDIU...

CVE-2025-9849

The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zmshbtn' shortcode in all versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-6687

The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on the 'icon' user supplied attributes. This makes it...

PT-2025-27597 · WordPress · Magic Buttons For Elementor

Name of the Vulnerable Software and Affected Versions: Magic Buttons for Elementor plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...

CVE-2025-5535

The e.nigma buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-5259

The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-3475

The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...

CVE-2021-24792

The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template wpbtnsavetemplate function hooked to the init action, nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a...

CVE-2017-18553

The ad-buttons plugin before 2.3.2 for WordPress has XSS...

CVE-2017-18578

The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS...

CVE-2025-4221 Animated Buttons <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-downloader' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-13848

The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

CVE-2024-13848 Reaction Buttons <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

CVE-2024-13848 Reaction Buttons <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...