3 matches found
CVE-2026-4279
The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to insufficient input sanitization and output escaping on the 'event' shortcode attribute. The...
CVE-2026-4279
The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to insufficient input sanitization and output escaping on the 'event' shortcode attribute. The...
CVE-2026-4279
CVE-2026-4279 affects the Bread & Butter WordPress plugin up to version 8.2.0.25. The vulnerability is a Stored XSS via the breadbutter-customevent-button shortcode, caused by insufficient sanitization and output escaping of the ‘event’ attribute, which is directly interpolated into a JavaScript ...