13 matches found
CVE-2025-60869
Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...
PT-2025-41568
Name of the Vulnerable Software and Affected Versions: Publii CMS version 0.46.5 build 17089 Description: Publii CMS version 0.46.5 build 17089 contains a persistent Cross-Site Scripting (XSS) flaw. This occurs because input in configuration fields, such as “Site Description” and “Footer Follow...
CVE-2025-60869
Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...
EUVD-2025-33728
Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...
CVE-2025-60869
Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...
EUVD-2021-23415
Malware in sbrugna...
CVE-2023-29428
Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin = 1.1.3 versions...
WordPress Plugin Superb Social Media Share Buttons and Follow Buttons for WordPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2021-36839
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress...
CVE-2021-36839
CVE-2021-36839 affects the WordPress plugin “Social Media Follow Buttons Bar” (versions
CVE-2021-36839 WordPress Social Media Follow Buttons Bar plugin <= 4.73 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress...
PT-2022-10571 · WordPress · Social Media Follow Buttons Bar
Name of the Vulnerable Software and Affected Versions: Social Media Follow Buttons Bar plugin versions prior to 4.74 Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited by an admin or higher-privileged user. The...
Social Media Follow Buttons Bar <= 4.73 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...