2673 matches found
CVE-2024-10671 Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure
The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the btnblock shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...
PT-2024-16448 · WordPress · The Button Block
Name of the Vulnerable Software and Affected Versions: The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress versions up to, and including, 1.1.4 Description: The issue allows authenticated attackers with Contributor-level access and above to extract data from...
WordPress Button Block Plugin <= 1.1.4 is vulnerable to Broken Authentication
Software: Button Block; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: 1.1.5; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-10671; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: ae07da220d1c; Credits...
WordPress plugin Button Block security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
WordPress Add Chat App Button plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by UKO (Patchstack Alliance) in WordPress Plugin Add Chat App Button versions <= 2.1.5...
PT-2024-16995 · WordPress · Grey Owl Lightbox
Name of the Vulnerable Software and Affected Versions: The Grey Owl Lightbox plugin for WordPress versions up to, and including, 1.6.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'gol button' shortcode due to insufficient input sanitization and output escapin...
WordPress Add Chat App Button Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: Add Chat App Button; Type: Plugin; Vulnerable versions: <= 2.1.5; Fixed in: 2.1.8; OWASP Top 10: A4: Insecure Design; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-52489; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 6803fb6fee9d; Credits: UKO; Required privilege...
CVE-2024-51866
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in riponshah Social button social-button allows Stored XSS. This issue affects Social button: from n/a through <= 1.3...
CVE-2024-51866 WordPress Social button plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mr. Riponshah Social button allows Stored XSS. This issue affects Social button: from n/a through 1.3...
CVE-2024-51866 WordPress Social button plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in riponshah Social button social-button allows Stored XSS. This issue affects Social button: from n/a through <= 1.3...
WordPress plugin Social button cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-34996 · Unknown · Mr. Riponshah Social Button
Name of the Vulnerable Software and Affected Versions: Mr. Riponshah Social button versions n/a through 1.3 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting (XSS). This means an attacker can inject malicious...
WordPress plugin Steel cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-16063 · WordPress · Steel
Name of the Vulnerable Software and Affected Versions: The Steel plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's btn shortcode due to insufficient input sanitization and output escaping on user-supplied...
firefox: thunderbird: Clipboard "paste" button persisted across tabs
The Mozilla Foundation's Security Advisory: A clipboard "paste" button could persist across tabs which allowed a spoofing attack...
CVE-2024-10851
The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...
CVE-2024-10850
The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attacker...