
2673 matches found

CNNVD
added 2024/10/01 12:0 a.m. · 2 views

WordPress plugin RumbleTalk Live Group Chat cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVSS 6.4 · AI score 5.9 · EPSS 0.00326
Exploits 0 · References 3
OSV
added 2024/09/27 7:15 a.m. · 1 views

CVE-2024-9049

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 5.4 · AI score 5.9 · EPSS 0.00304
Exploits 0 · References 2
Cvelist
added 2024/09/27 6:53 a.m. · 19 views

CVE-2024-9049 Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVSS 6.4 · EPSS 0.00304
Exploits 0 · References 2
CVE
added 2024/09/27 6:53 a.m. · 53 views

CVE-2024-9049

CVE-2024-9049 — Beaver Builder for WordPress: Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via the Button Group Module in versions up to 2.8.3.6. Root cause: insufficient input sanitization and output escaping on user-supplied attributes in the Button Group. Impact: stored X...

CVSS 6.4 · AI score 5.5 · EPSS 0.00304
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2024/09/27 1:29 a.m. · 2 views

WordPress Beaver Builder plugin <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module vulnerability

Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module vulnerability discovered by zer0gh0st in WordPress Plugin Beaver Builder versions <= 2.8.3.6...

CVSS 6.4 · AI score 6.1 · EPSS 0.00304
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/09/27 12:0 a.m. · 2 views

PT-2024-39390 · WordPress · The Beaver Builder

Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin versions up to, and including, 2.8.3.6. Description: The issue is related to Stored Cross-Site Scripting via the plugin's Button Group module due to insufficient input sanitization and output...

CVSS 6.4 · AI score 6.1 · EPSS 0.00304
Exploits 0 · References 8
OSV
added 2024/09/17 11:15 p.m. · 1 views

CVE-2024-44064

Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS). This issue affects Like Button Rating: from n/a through 2.6.54...

CVSS 6.1 · AI score 5.8 · EPSS 0.00168
Exploits 0 · References 1
NVD
added 2024/09/17 11:15 p.m. · 18 views

CVE-2024-44064

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LikeBtn Like Button Rating likebtn-like-button. This issue affects Like Button Rating: from n/a through = 2.6.53...

CVSS 7.1 · EPSS 0.00168
Exploits 0 · References 1
CVE
added 2024/09/17 10:35 p.m. · 52 views

CVE-2024-44064

CVE-2024-44064 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin LikeBtn – Like Button Rating that also allows Cross-Site Scripting (XSS). It affects versions up to and including 2.6.54. The connected sources consistently describe the issue as CSRF with an XSS outcome ...

CVSS 7.1 · AI score 5.9 · EPSS 0.00168
Exploits 0 · References 1 · Affected Software 1
Snyk
added 2024/09/17 6:33 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /wireui/button endpoint, in the label query parameter. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted...

CVSS 6.1 · AI score 5.3 · EPSS 0.00382
Exploits 0 · References 2
Packet Storm
added 2024/09/17 12:0 a.m. · 230 views

Online Notice Board System 1.0 Arbitrary File Upload

Title: Online Notice Board System project 1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozil...

AI score 7.4
Exploits 0
Positive Technologies
added 2024/09/17 12:0 a.m. · 4 views

PT-2024-30932 · Unknown · Like Button Rating

Name of the Vulnerable Software and Affected Versions: Like Button Rating versions through 2.6.54. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Cross-Site Scripting (XSS). Recommendations: For versions through 2.6.54, update to a version that...

CVSS 7.1 · AI score 6.4 · EPSS 0.00168
Exploits 0 · References 5
Positive Technologies
added 2024/09/17 12:0 a.m. · 4 views

PT-2024-31783 · Wire Ui · Wire Ui

Name of the Vulnerable Software and Affected Versions: Wire UI versions prior to 1.19.3; Wire UI versions prior to 2.1.3. Description: A potential Cross-Site Scripting (XSS) vulnerability has been identified in the "/wireui/button" endpoint, specifically through the label query parameter. Malicious...

CVSS 6.1 · AI score 6.2 · EPSS 0.00382
Exploits 0 · References 10
OSV
added 2024/09/13 3:15 p.m. · 1 views

CVE-2024-5870

The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 5.4 · AI score 5.9 · EPSS 0.00257
Exploits 0 · References 2
OSV
added 2024/09/13 3:15 p.m. · 2 views

CVE-2024-5869

The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVSS 5.4 · AI score 5.9 · EPSS 0.00257
Exploits 0 · References 2
OSV
added 2024/09/13 3:15 p.m. · 2 views

CVE-2024-5789

The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVSS 5.4 · AI score 5.9 · EPSS 0.00257
Exploits 0 · References 2
OSV
added 2024/09/13 3:15 p.m. · 1 views

CVE-2024-5867

The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVSS 5.4 · AI score 5.9
Exploits 0 · References 2
Vulnrichment
added 2024/09/13 3:10 p.m. · 11 views

CVE-2024-5869 Neighborly <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVSS 6.4 · AI score 6 · EPSS 0.00257
Exploits 0 · References 2
CVE
added 2024/09/13 3:10 p.m. · 45 views

CVE-2024-5869

CVE-2024-5869 refers to the Neighborly WordPress theme (

CVSS 6.4 · AI score 5.6 · EPSS 0.00257
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/09/13 3:10 p.m. · 27 views

CVE-2024-5870 Tweaker5 <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode

The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · EPSS 0.00257
Exploits 0 · References 2