CVE-2014-7181

Cross-site scripting XSS vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...

CVE-2014-7181

CVE-2014-7181 concerns the WordPress plugin MaxButtons (MaxButtons WordPress plugin,

Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin

Advisory ID: HTB23237 Product: MaxButtons WordPress plugin Vendor: Max Foundry Vulnerable Versions: 1.26.0 and probably prior Tested Version: 1.26.0 Advisory Publication: September 24, 2014 without technical details Vendor Notification: September 24, 2014 Vendor Patch: October 2, 2014 Public...

WordPress MaxButtons 1.26.0 Cross Site Scripting Vulnerability

WordPress MaxButtons plugin version 1.26.0 suffers from a cross site scripting vulnerability. Product: MaxButtons WordPress plugin Vendor: Max Foundry Vulnerable Versions: 1.26.0 and probably prior Tested Version: 1.26.0 Advisory Publication: September 24, 2014 without technical details Vendor...

MaxButtons 1.26.0 - Cross Site Scripting (XSS)

The WordPress Button Plugin MaxButtons WordPress plugin was affected by a Cross Site Scripting XSS security vulnerability...

WordPress MaxButtons 1.26.0 Cross Site Scripting

Advisory ID: HTB23237 Product: MaxButtons WordPress plugin Vendor: Max Foundry Vulnerable Versions: 1.26.0 and probably prior Tested Version: 1.26.0 Advisory Publication: September 24, 2014 without technical details Vendor Notification: September 24, 2014 Vendor Patch: October 2, 2014 Public...

WordPress MaxButtons Plugin <= 1.26.0 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "id" parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page. Solution Update the plugin...

Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin

High-Tech Bridge Security Research Lab discovered vulnerability in MaxButtons WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against logged-in administrator. 1 Reflected Cross-Site Scripting XSS in MaxButtons wordpress plugin: CVE-2014-7181 Input passed via t...

MaxButtons 1.19.0 - includes/maxbuttons-button-css.php Authentication Bypass

The WordPress Button Plugin MaxButtons WordPress plugin was affected by an includes/maxbuttons-button-css.php Authentication Bypass security vulnerability...

WordPress MaxButtons Plugin <= 1.19.0 - BYPASS

This plugin is prone to an authentication bypass vulnerability in includes/maxbuttons-button-css.php. Solution Upgrade the plugin...