CVE-2024-50414

CVE-2024-50414 affects the WordPress Button contact VR plugin (versions

CVE-2024-50414 WordPress Button contact VR plugin <= 4.7.9.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Buttonizer Button contact VR button-contact-vr allows Stored XSS.This issue affects Button contact VR: from n/a through = 4.7.9.1...

WordPress Beaver Builder plugin <= 2.8.4.2 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Widget vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Button Widget vulnerability discovered by zer0gh0st in WordPress Plugin Beaver Builder versions = 2.8.4.2...

PT-2024-34188 · Unknown · Button Contact Vr

Name of the Vulnerable Software and Affected Versions: Button contact VR versions n/a through 4.7.9.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For...

WordPress plugin Button contact VR 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 132, which stems from the clipboard paste button persisting in tabs that allow spoofing attacks...

CVE-2024-10150

The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-10150

The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-10150

CVE-2024-10150 concerns the Bamazoo – Button Generator WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in the dgs shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes, affecting all versions up to and including 1.0. Exploi...

CVE-2024-10150 Bamazoo – Button Generator <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via dgs Shortcode

The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-10148 Awesome buttons <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn2 Shortcode

The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...

PT-2024-16065 · WordPress · Bamazoo – Button Generator

Name of the Vulnerable Software and Affected Versions: Bamazoo – Button Generator plugin for WordPress versions up to, and including, 1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's dgs shortcode. This allows...

WordPress plugin Bamazoo – Button Generator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Bamazoo – Button Generator plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Bamazoo Button Generator versions = 1.0...

WordPress Button contact VR plugin <= 4.7.9.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by UKO Patchstack Alliance in WordPress Plugin Button contact VR versions = 4.7.9.1...

WordPress Bamazoo Button Generator Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Bamazoo Button Generator Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10150 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 296ef2edb58f Credits Francesco Carlucci...

WordPress Button contact VR Plugin <= 4.7.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Button contact VR Type Plugin Vulnerable versions = 4.7.9.1 Fixed in 4.7.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50414 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8a3582798f30 Credits UKO Required privilege...

CVE-2024-9703

The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2024-10014

The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level...

CVE-2024-10014

CVE-2024-10014 – Flat UI Button (WordPress) XSS Affected: Flat UI Button plugin for WordPress, version 1.0 and earlier. Root cause: Insufficient input sanitization and output escaping on user-supplied attributes within the flatbtn shortcode. Impact: Stored Cross‑Site Scripting that can execute ar...