Envo Extra < 1.8.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
Description The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Spotify Play Button <= 1.0 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC spotify-play...
PT-2024-30607 · WordPress · Qi Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Qi Addons For Elementor plugin for WordPress versions up to, and including, 1.7.2. Description: The issue is related to Stored Cross-Site Scripting via the plugin's button widgets due to insufficient input sanitization and output escaping on...
Spotify Play Button <= 1.0 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. spotify-play...
WordPress tagDiv Composer plugin <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via button Shortcode vulnerability discovered by Truoc Phan in WordPress Plugin tagDiv Composer versions <= 4.8...
CVE-2024-35643
Cross Site Scripting (XSS) vulnerability in Xabier Miranda WP Back Button allows Stored XSS. This issue affects WP Back Button: from n/a through 1.1.3...
CVE-2024-35643 WordPress WP Back Button plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability in Xabier Miranda WP Back Button allows Stored XSS. This issue affects WP Back Button: from n/a through 1.1.3...
PT-2024-26590 · WordPress · Xabier Miranda Wp Back Button
Name of the Vulnerable Software and Affected Versions: Xabier Miranda WP Back Button versions 1.1.3 and earlier. Description: The issue is a Cross Site Scripting (XSS) vulnerability, specifically a Stored XSS, in Xabier Miranda WP Back Button. This allows an attacker to inject malicious scripts into...
CVE-2024-5041
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
PT-2024-34183 · WordPress · Happy Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.9. Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated...
WordPress WP Back Button plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by alfido osdie (Patchstack Alliance) in WordPress Plugin WP Back Button versions <= 1.1.3...
WordPress WP Back Button Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)
Software: WP Back Button; Type: Plugin; Vulnerable versions: <= 1.1.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35643; Patch priority: Low; CVSS severity: Low (5.9); PSID: 90452d019b78; Credits: alfido osdie (Patchstack Alliance); Required...
EulerOS 2.0 SP12 : xorg-x11-server (EulerOS-SA-2024-1781)
According to the versions of the xorg-x11-server package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, i...
CVE-2024-4485
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncustomattributes’ parameter in versions up to, and including, 5.5.2 due to insufficient input sanitization and...
PT-2024-31279 · WordPress · The Plus Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress versions up to, and including, 5.5.2. Description: The issue is related to Stored Cross-Site Scripting due to insufficient...
WordPress Button contact VR plugin < 4.7.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Button contact VR versions < 4.7.7...
CVE-2024-3648
The ShareThis Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sharethis-inline-button' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-2220 Button contact VR <= 4.7 - Admin+ Stored XSS
The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress Button contact VR Plugin < 4.7.7 is vulnerable to Cross Site Scripting (XSS)
Software: Button contact VR; Type: Plugin; Vulnerable versions: < 4.7.7; Fixed in: 4.7.7; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2220; Patch priority: Low; CVSS severity: Low (5.9); PSID: 2f62fd31490e; Credits: Dmitrii Ignatyev; Require...
WordPress plugin PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin PayPal Pay Now, Buy Now, Donation...