2673 matches found
WordPress Button Generator plugin < 3.0 - Button Deletion via CSRF vulnerability
Button Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Button Generator – easily Button Builder versions 3.0...
CVE-2024-3471
The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack...
CVE-2024-3471
The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack...
CVE-2024-3475 Sticky Buttons < 3.2.4 - Button Deletion via CSRF
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
CVE-2024-3471 Button Generator < 3.0 - Button Deletion via CSRF
The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack...
WordPress Button Generator – easily Button Builder Plugin < 3.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Button Generator – easily Button Builder Type Plugin Vulnerable versions 3.0 Fixed in 3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3471 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID aca54546afa3 Credits B...
WordPress plugin Exclusive Addons for Elementor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-21922 · WordPress · Exclusive Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.6.9.3 Description: The issue arises from insufficient input sanitization and output escaping in the URL attribute of the Button widget, allowing authenticate...
Button contact VR <= 4.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Click on the "Button contact" and chan...
WordPress plugin Button Generator 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...
PT-2024-26124 · WordPress · Button Generator
Name of the Vulnerable Software and Affected Versions: The Button Generator WordPress plugin versions prior to 3.0 Description: The issue is related to the lack of a CSRF check when bulk deleting, which could allow attackers to make a logged-in admin delete buttons via a CSRF attack...
xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leadin...
xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved...
xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved...
xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leadin...
RHEL 9 : xorg-x11-server-Xwayland (RHSA-2024:2170)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2170 advisory. Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: Out-of-bounds write in...
Coupon & Discount Code Reveal Button < 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting
Description The Coupon & Discount Code Reveal Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)
Software CodeBard's Patron Button and Widgets for Patreon Type Plugin Vulnerable versions = 2.2.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33928 Patch priority Medium CVSS severity Medium 7.1 Developer Codebard PSID f0b671d6d681 Credits Le Ngoc...
WordPress Call Now Button plugin < 1.4.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dikshita Trivedi Cybersecdexter in WordPress Plugin Call Now Button versions 1.4.7...
CVE-2024-2908
The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...