CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

Vulnrichment•added 2025/08/14 10:34 a.m.•2 views

CVE-2025-54694 WordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in bPlugins Button Block allows Cross Site Request Forgery. This issue affects Button Block: from n/a through 1.2.0...

4.3CVSS7.2AI score0.00084EPSS

Exploits0References1

Cvelist•added 2025/08/14 10:34 a.m.•7 views

CVE-2025-54694 WordPress Button Block Plugin plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in bPlugins Button Block button-block allows Cross Site Request Forgery.This issue affects Button Block: from n/a through = 1.2.0...

4.3CVSS0.00084EPSS

Exploits0References1

RedhatCVE•added 2025/02/05 5:24 a.m.•6 views

CVE-2024-1872

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the buttonshortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...

8.8CVSS7.4AI score0.01159EPSS

Exploits0References1

Cvelist•added 2025/01/24 5:25 p.m.•18 views

CVE-2025-24713 WordPress Button Generator – easily Button Builder Plugin <= 3.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Button Generator – easily Button Builder button-generation allows Cross Site Request Forgery.This issue affects Button Generator – easily Button Builder: from n/a through = 3.1.1...

5.4CVSS0.0011EPSS

Exploits0References1

CVE•added 2025/01/15 3:23 p.m.•56 views

CVE-2025-22787

CVE-2025-22787 is a Missing Authorization vulnerability in the WordPress plugin Button Block by bPlugins LLC , affecting versions up to 1.1.5. Per the provided documents, the CVE is associated with access to functions not properly constrained by ACLs, with a CVSS v3.1 base score of 8.8 (High) , a...

8.8CVSS7.2AI score0.00291EPSS

Exploits0References1Affected Software1

CNNVD•added 2024/12/20 12:0 a.m.•1 views

WordPress plugin WordPress Button Plugin MaxButtons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress...

4.8CVSS8.5AI score0.0017EPSS

Exploits1References1

Positive Technologies•added 2024/12/19 12:0 a.m.•9 views

PT-2024-17655 · WordPress · Button Block

Name of the Vulnerable Software and Affected Versions: Button Block plugin for WordPress versions up to, and including, 1.1.5 Description: The issue allows authenticated attackers with Contributor-level access and above to extract potentially sensitive data from draft, scheduled, private, and...

6.5CVSS9.4AI score0.00768EPSS

Exploits0References7

Cvelist•added 2024/12/09 11:30 a.m.•21 views

CVE-2023-49154 WordPress Button Generator – easily Button Builder plugin <= 2.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wow-Company Button Generator – easily Button Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8...

5.3CVSS0.00182EPSS

Exploits0References1

Cvelist•added 2024/09/13 3:10 p.m.•19 views

CVE-2024-5870 Tweaker5 <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.0031EPSS

Exploits0References2

CNNVD•added 2024/08/24 12:0 a.m.•1 views

WordPress plugin WordPress Button Plugin MaxButtons 安全漏洞

5.3CVSS6.2AI score0.00461EPSS

Exploits0References4

CNNVD•added 2024/03/29 12:0 a.m.•2 views

WordPress Plugin Button 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS8.3AI score0.01159EPSS

Exploits0References3

Patchstack•added 2024/03/29 12:0 a.m.•8 views

WordPress Button Plugin <= 1.1.27 is vulnerable to PHP Object Injection

Software Button Type Plugin Vulnerable versions = 1.1.27 Fixed in 1.1.28 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1872 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID d7ad40b2deb7 Credits Francesco Carlucci Required privilege...

8.8CVSS6.8AI score0.01159EPSS

Exploits0References3Affected Software1

CNNVD•added 2024/01/09 12:0 a.m.•2 views

WordPress Plugin WordPress Button Plugin MaxButtons Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WordPress Button Plugin...

4.8CVSS5.9AI score0.0012EPSS

Exploits0References3

Patchstack•added 2023/11/28 12:0 a.m.•12 views

WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Broken Access Control

Software Button Generator – easily Button Builder Type Plugin Vulnerable versions = 2.3.8 Fixed in 2.3.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49154 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 0051a12ba9e7 Credits Elli...

6.6AI score0.00182EPSS

Exploits0References2Affected Software1

Patchstack•added 2023/11/28 12:0 a.m.•21 views

WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Button Generator – easily Button Builder Type Plugin Vulnerable versions = 2.3.8 Fixed in 2.3.9 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-49155 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f69c6cdb268...

8.8CVSS6.6AI score0.00082EPSS

Exploits0References2Affected Software1

NVD•added 2023/07/25 2:15 p.m.•13 views

CVE-2023-36503

Auth. contributor+ Cross-Site Scripting XSS vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin = 9.5.3 versions...

6.5CVSS6AI score0.00103EPSS

Exploits0References1

Patchstack•added 2023/05/25 12:0 a.m.•9 views

WordPress Button Generator – easily Button Builder Plugin <= 2.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Button Generator – easily Button Builder Type Plugin Vulnerable versions = 2.3.5 Fixed in 2.3.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25443 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ad530edff5de...

6.5CVSS6.6AI score0.00075EPSS

Exploits0References2Affected Software1

Patchstack•added 2023/05/12 12:0 a.m.•6 views

WordPress Button Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)

Software Button Type Plugin Vulnerable versions = 1.1.23 Fixed in 1.1.24 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23871 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 53d7594604e4 Credits yuyudhn Required privilege...

5.9CVSS5.8AI score0.0008EPSS

Exploits0References2Affected Software1

Patchstack•added 2023/04/18 12:0 a.m.•9 views

WordPress Button Builder – Buttons X Plugin <= 0.8.6 is vulnerable to Cross Site Scripting (XSS)

Software Button Builder – Buttons X Type Plugin Vulnerable versions = 0.8.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23867 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 97c89a33bd2e Credits István Márton...

6.5CVSS6AI score0.00181EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by