113 matches found
CVE-2023-31088
Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floating Action Button plugin <= 1.2.1 versions...
CVE-2022-4004
The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes t...
CVE-2021-25058
The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mention text field...
CVE-2024-1872
The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the buttonshortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...
CVE-2025-23758
CVE-2025-23758 affects the WordPress pootle-button plugin (NotFound Pootle button); vulnerability is a Reflected XSS in the plugin’s input handling, affecting versions up to 1.2.0. Exploitation details are not provided beyond the vulnerability type. Remediation: upgrade to version 1.2.0 or later ...
WordPress pootle button plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Pootle button versions <= 1.2.0...
CVE-2025-22574 WordPress ICS Button plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cleanshooter ICS Button ics-button allows Stored XSS. This issue affects ICS Button: from n/a through <= 0.6...
WordPress ICS Button plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin ICS Button versions <= 0.6...
CVE-2024-8968
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisit...
CVE-2024-10555
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisit...
WordPress plugin WordPress Button Plugin MaxButtons Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin WordPress Button Plugin MaxButtons Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin WordPress...
WordPress plugin WP Like Button Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-6485
A vulnerability was found in bootstrap associated with the data-loading-text attribute within the button plugin. This vulnerability allows malicious JavaScript code to be injected into the attribute, which is then executed when the button's loading state is triggered...
WordPress plugin Social button Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-10851
The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...
PT-2024-16590 · Razorpay · Razorpay Payment Button Plugin
Name of the Vulnerable Software and Affected Versions: Razorpay Payment Button Plugin versions prior to 2.4.6. Description: The Razorpay Payment Button Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate...
CVE-2024-6499
CVE-2024-6499 refers to the WordPress Button Plugin MaxButtons vulnerability. The MaxButtons plugin (WordPress Button Plugin MaxButtons) versions up to and including 9.7.8 expose full filesystem paths, enabling unauthenticated attackers to obtain instance paths. The risk is information exposure w...
CVE-2024-3026 WordPress Button Plugin MaxButtons < 9.7.8 - Editor+ Stored XSS
The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribut...