113 matches found
CVE-2023-32292 WordPress Chat Button Plugin <= 1.8.9.4 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in GetButton Chat Button by GetButton.Io plugin <= 1.8.9.4 versions...
CVE-2023-36503
Auth. contributor+ Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.5.3 versions...
CVE-2023-36503
CVE-2023-36503 affects the WordPress plugin MaxButtons (MaxFoundry) for versions
WordPress Chat Button Plugin <= 1.8.9.4 is vulnerable to Cross Site Scripting (XSS)
Software: Chat Button; Type: Plugin; Vulnerable versions: <= 1.8.9.4; Fixed in: 1.8.10; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32292; Patch priority: Low; CVSS severity: Low (5.9); PSID: 9c87f016ddc7; Credits: Jayasuryapal G; Required...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions...
CVE-2023-28933 WordPress Call Now Accessibility Button Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in StPeteDesign Call Now Accessibility Button plugin <= 1.1 versions...
CVE-2023-28933
CVE-2023-28933 affects the WordPress plugin Call Now Accessibility Button by StPeteDesign, version
WordPress Plugin Float menu Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...
PT-2023-20100 · Podlove · Podlove Subscribe Button Plugin
Name of the Vulnerable Software and Affected Versions: Podlove Podlove Subscribe button plugin versions 1.3.7 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
WordPress Button Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)
Software: Button; Type: Plugin; Vulnerable versions: <= 1.1.23; Fixed in: 1.1.24; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23871; Patch priority: Low; CVSS severity: Low (5.9); PSID: 53d7594604e4; Credits: yuyudhn; Required privilege...
Design/Logic Flaw
Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use...
CVE-2023-24499 Butterfly Button plugin may leave traces of its use on user's device
Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use...
CVE-2022-4005
The Donation Button WordPress plugin through 4.0.0 does not sanitize and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
PT-2022-25172 · Twilio · Twilio
Name of the Vulnerable Software and Affected Versions: Donation Button WordPress plugin versions through 4.0.0. Description: The issue concerns a lack of proper privilege and nonce token checks in the donation button twilio send test sms AJAX action. This may allow users with an account on the...
Cross site scripting
Authenticated admin+ Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress...
WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Button Plugin MaxButtons plugin versions <= 9.2. Solution: Update the WordPress MaxButtons plugin to the latest available version (at least 9.3)...
Button Plugin MaxButtons < 9.3 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...
CVE-2022-1217
The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does not sanitise and escape the PHP_SELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...