CVE-2022-36346

CVE-2022-36346 affects the WordPress MaxButtons plugin by Max Foundry, specifically versions

CVE-2022-36346 WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities in Max Foundry MaxButtons plugin = 9.2 at WordPress...

CVE-2022-36346 WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities in Max Foundry MaxButtons plugin = 9.2 at WordPress...

WordPress plugin Max Foundry MaxButtons 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...

PT-2022-23321 · Max Foundry · Maxbuttons

Name of the Vulnerable Software and Affected Versions: Max Foundry MaxButtons plugin versions = 9.2 Description: The issue concerns multiple Cross-Site Request Forgery CSRF vulnerabilities. CSRF is a type of attack where an attacker tricks a user into performing unintended actions on a web...

MaxButtons < 9.3 - Arbitrary Settings Update via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Daffa Patchstack Alliance in WordPress Button Plugin MaxButtons plugin versions = 9.2. Solution Update the WordPress MaxButtons plugin to the latest available version at least 9.3...

WordPress MaxButtons plugin <= 9.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities

Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Muhammad Daffa Patchstack Alliance in WordPress MaxButtons plugin versions = 9.2. Solution Update the WordPress MaxButtons plugin to the latest available version at least 9.3...

Button Plugin MaxButtons < 9.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

Cross site scripting

Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2017-2169

Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2017-2169

Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2017-2169

CVE-2017-2169 affects the WordPress plugin MaxButtons and MaxButtons Pro prior to version 6.19. The vulnerability is a cross-site scripting (CWE-79) issue that could allow a remote attacker to cause arbitrary script execution in a logged-in user’s browser via unspecified vectors. Product: MaxButt...

CVE-2017-2169

Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

WordPress MaxButtons plugin cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.MaxButtons and MaxButtons Pro are different versions of the Button Builder plugin. A cross-site scripting...

WordPress plugin "MaxButtons" vulnerable to cross-site scripting

Overview The WordPress plugin "MaxButtons" provided by Max Foundry contains a cross-site scripting vulnerability CWE-79. ASAI Ken and Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

JVN#70411623: WordPress plugin "MaxButtons" vulnerable to cross-site scripting

The WordPress plugin "MaxButtons" provided by Max Foundry contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer...

WordPress Button Plugin MaxButtons <= 6.18 - Authenticated Cross-Site Scripting (XSS)

The WordPress Button Plugin MaxButtons WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability...

CVE-2014-7181

Cross-site scripting XSS vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...

Cross site scripting

Cross-site scripting XSS vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...