130 matches found
CVE-2024-6499
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other...
CVE-2024-6499
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other...
CVE-2024-6499
CVE-2024-6499 refers to the WordPress Button Plugin MaxButtons vulnerability. The MaxButtons plugin (WordPress Button Plugin MaxButtons) versions up to and including 9.7.8 expose full filesystem paths, enabling unauthenticated attackers to obtain instance paths. The risk is information exposure w...
CVE-2024-6499 WordPress Button Plugin MaxButtons <= 9.7.8 - Full Path Disclosure
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other...
CVE-2024-6499 WordPress Button Plugin MaxButtons <= 9.7.8 - Full Path Disclosure
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other...
WordPress plugin WordPress Button Plugin MaxButtons 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-37673 · WordPress · Maxbuttons
Name of the Vulnerable Software and Affected Versions: MaxButtons plugin for WordPress versions up to, and including, 9.7.8 Description: The MaxButtons plugin for WordPress is vulnerable to information exposure. This vulnerability allows unauthenticated attackers to obtain the full path to...
WordPress WordPress Button Plugin MaxButtons plugin < 9.7.8 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin MaxButtons versions 9.7.8...
WordPress MaxButtons Plugin < 9.7.8 is vulnerable to Cross Site Scripting (XSS)
Software MaxButtons Type Plugin Vulnerable versions 9.7.8 Fixed in 9.7.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3026 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e5d877c29aee Credits Dmitrii Ignatyev Required...
CVE-2024-3026
The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
CVE-2024-3026
The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
CVE-2024-3026
CVE-2024-3026 affects WordPress Button Plugin MaxButtons (versions
CVE-2024-3026 WordPress Button Plugin MaxButtons < 9.7.8 - Editor+ Stored XSS
The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
CVE-2024-3026 WordPress Button Plugin MaxButtons < 9.7.8 - Editor+ Stored XSS
The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
PT-2024-23304 · WordPress · Maxbuttons
Name of the Vulnerable Software and Affected Versions: MaxButtons WordPress plugin versions prior to 9.7.8 Description: The issue allows users with a role as low as editor to perform Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some parameters. Recommendations:...
CVE-2023-7029
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-7029
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-7029
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Cross site scripting
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-7029 WordPress Button Plugin MaxButtons <= 9.7.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...