113 matches found

WPVulnDB
added 2024/01/11 12:0 a.m. | 11 views

WordPress Button Plugin MaxButtons < 9.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8 CVSS | 5.7 AI score | 0.0012 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/01/09 2:34 a.m. | 75 views

CVE-2023-6594

CVE-2023-6594 affects WordPress MaxButtons: Stored XSS via admin settings in all versions up to 9.7.4. Exploitation requires administrator-level privileges (or higher) and contexts where unfiltered_html is disabled, with multi-site installations affected. Root cause: insufficient input sanitizati...

4.8 CVSS | 4.9 AI score | 0.0012 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2024/01/09 12:0 a.m. | 2 views

WordPress Plugin WordPress Button Plugin MaxButtons Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin WordPress Button Plugin...

4.8 CVSS | 5.9 AI score | 0.0012 EPSS
Exploits: 0 | References: 3

Cvelist
added 2024/01/05 8:10 a.m. | 17 views

CVE-2023-52149 WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button. This issue affects Floating Button: from n/a through 6.0...

5.4 CVSS | 8.9 AI score | 0.00051 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/01/05 12:0 a.m. | 3 views

WordPress Plugin Floating Button Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

8.8 CVSS | 6.5 AI score | 0.00051 EPSS
Exploits: 0 | References: 2

NVD
added 2023/11/09 11:15 p.m. | 8 views

CVE-2023-31088

Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floating Action Button plugin = 1.2.1 versions...

8.8 CVSS | 0.00051 EPSS
Exploits: 0 | References: 1

CVE
added 2023/11/08 3:12 p.m. | 46 views

CVE-2023-46613

The CVE-2023-46613 entry concerns the WordPress plugin Jens Kuerschner Add to Calendar Button (versions

6.5 CVSS | 5.2 AI score | 0.00155 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/11/08 3:12 p.m. | 22 views

CVE-2023-46613 WordPress Add to Calendar Button Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin = 1.5.1 versions...

6.5 CVSS | 5.4 AI score | 0.00155 EPSS
Exploits: 0 | References: 1

NVD
added 2023/10/16 12:15 p.m. | 11 views

CVE-2023-44987

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin = 2.0.2 versions...

5.9 CVSS | 5.4 AI score | 0.00127 EPSS
Exploits: 0 | References: 1

NVD
added 2023/10/03 1:15 p.m. | 8 views

CVE-2023-40199

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions...

8.8 CVSS | 6.5 AI score | 0.00106 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2023/10/03 12:33 p.m. | 12 views

CVE-2023-40199 WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions...

5.4 CVSS | 7.1 AI score | 0.00106 EPSS
Exploits: 0 | References: 1

CVE
added 2023/10/03 12:33 p.m. | 48 views

CVE-2023-40199

CVE-2023-40199 describes a Cross-Site Request Forgery (CSRF) vulnerability in the CRUDLab WP Like Button plugin for WordPress, affecting versions

8.8 CVSS | 7.1 AI score | 0.00106 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/10/03 12:33 p.m. | 13 views

CVE-2023-40199 WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions...

5.4 CVSS | 9 AI score | 0.00106 EPSS
Exploits: 0 | References: 1

Prion
added 2023/10/02 8:15 a.m. | 14 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in YYDevelopment Back To The Top Button plugin = 2.1.5 versions...

4.3 CVSS | 4.9 AI score | 0.00063 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2023/08/16 12:15 p.m. | 2 views

CVE-2023-2254

The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed for example in multisite setup, and we consider it a low risk...

4.8 CVSS | 6.6 AI score
Exploits: 0 | References: 1

NVD
added 2023/08/10 11:15 a.m. | 15 views

CVE-2023-23871

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions...

5.9 CVSS | 5.4 AI score | 0.0008 EPSS
Exploits: 0 | References: 1

Prion
added 2023/08/10 11:15 a.m. | 11 views

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions...

4.3 CVSS | 4.8 AI score | 0.0008 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/08/10 10:35 a.m. | 13 views

CVE-2023-23871 WordPress Button Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions...

5.9 CVSS | 5.6 AI score | 0.0008 EPSS
Exploits: 0 | References: 1

CVE
added 2023/08/10 10:35 a.m. | 39 views

CVE-2023-23871

CVE-2023-23871 affects the WordPress Button (Webdzier Button) plugin

5.9 CVSS | 5 AI score | 0.0008 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/08/10 10:35 a.m. | 15 views

CVE-2023-23871 WordPress Button Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions...

5.9 CVSS | 5.5 AI score | 0.0008 EPSS
Exploits: 0 | References: 1