8 matches found
CVE-2025-13898
The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnid' parameter of the ultraskype shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
EUVD-2025-201535
The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnid' parameter of the ultraskype shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13898
The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnid' parameter of the ultraskype shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13898 Ultra Skype Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute
The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnid' parameter of the ultraskype shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13898
The Ultra Skype Button WordPress plugin (Ultra Skype Button, Plugin Slug: ultra-skype-button) is affected by CVE-2025-13898: a Stored Cross-Site Scripting vulnerability in the btn_id attribute of the [ultra_skype] shortcode. Affects all versions up to 1.0. Root cause: insufficient input sanitizat...
WordPress plugin Ultra Skype Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-49351
The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn id' parameter of the ultra skype shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
WordPress Ultra Skype Button plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'btnid' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ultra Skype Button versions = 1.0...