WordPress MaxButtons plugin < 9.8.1 - Admin+ Stored XSS via Text Color vulnerability

Admin+ Stored XSS via Text Color vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin MaxButtons versions 9.8.1...

EUVD-2014-1260

Malware in sbrugna...

EUVD-2017-11352

Malware in sbrugna...

EUVD-2024-47584

Malicious code in bioql PyPI...

EUVD-2023-59220

Malicious code in bioql PyPI...

EUVD-2023-58818

Malicious code in bioql PyPI...

EUVD-2025-11568

Malicious code in bioql PyPI...

EUVD-2022-39062

Malicious code in bioql PyPI...

EUVD-2023-40452

Malicious code in bioql PyPI...

EUVD-2022-41272

Malicious code in bioql PyPI...

CVE-2024-3026

The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...

CVE-2024-6499

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other...

CVE-2024-8968

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...

CVE-2024-10555

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...

CVE-2023-7029

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-6594

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2014-125092

A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. This issue affects the function maxbuttonsstrippx of the file includes/maxbuttons-button.php. The manipulation of the argument buttonid leads to cross site scripting. The attack may be initiate...

CVE-2025-39444

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maxfoundry MaxButtons maxbuttons allows Stored XSS.This issue affects MaxButtons: from n/a through = 9.8.3...

CVE-2025-39444

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maxfoundry MaxButtons maxbuttons allows Stored XSS.This issue affects MaxButtons: from n/a through = 9.8.3...

CVE-2025-39444 WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maxfoundry MaxButtons allows Stored XSS.This issue affects MaxButtons: from n/a through 9.8.3...