Button Generator < 3.0 - Button Deletion via CSRF
Description: The plugin does not have a CSRF check in place when bulk deleting, which could allow attackers to make a logged-in admin delete buttons via a CSRF attack. Make a logged-in admin open an HTML file containing: action...
Sticky Buttons < 3.2.4 - Button Deletion via CSRF
Description: The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting buttons via CSRF attacks. Make a logged-in admin open an HTML file where ID is a valid ID: action...
Sticky Buttons < 3.2.4 - Button Deletion via CSRF
Description: The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting buttons via CSRF attacks. PoC: Make a logged-in admin open an HTML file where ID is a valid ID: action...
Button Generator < 3.0 - Button Deletion via CSRF
Description: The plugin does not have a CSRF check in place when bulk deleting, which could allow attackers to make a logged-in admin delete buttons via a CSRF attack. PoC: Make a logged-in admin open an HTML file containing: action...
GHSA-3F95-MXQ2-2F63 Duplicate Advisory: Gradio Local File Inclusion vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m842-4qm8-7gpq. This link is maintained to preserve external references. Original Description: gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied...
CVE-2024-2181
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Plugin JetWidgets For Elementor Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-19068 · Wpzoom · Beaver Builder Addons
Name of the Vulnerable Software and Affected Versions: Beaver Builder Addons by WPZOOM plugin for WordPress versions up to, and including, 1.3.4. Description: The issue is related to Stored Cross-Site Scripting via the Button widget due to insufficient input sanitization and output escaping. This...
WordPress Global Elementor Buttons plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via button link vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via button link vulnerability discovered by Francesco Carlucci in WordPress Plugin Global Elementor Buttons versions <= 1.1.0...
CVE-2024-2925
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
WordPress Plugin Beaver Builder – WordPress Page Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-22840 · WordPress · The Beaver Builder
Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin versions up to, and including, 2.8.0.5. Description: The issue is related to Stored Cross-Site Scripting via the plugin's Button Widget due to insufficient input sanitization and output escapi...
CVE-2024-2141
The Ultimate Addons for Beaver Builder – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-1238
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button ID parameter in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contribut...
WordPress Plugin Ultimate Addons for Beaver Builder Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin ElementsKit Elementor addons Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-17573 · WordPress · Elementskit Elementor Addons
Name of the Vulnerable Software and Affected Versions: ElementsKit Elementor addons plugin for WordPress versions up to, and including, 3.0.6. Description: The issue is related to Stored Cross-Site Scripting via the button ID parameter due to insufficient input sanitization and output escaping. Th...
PT-2024-18869 · WordPress · Ultimate Addons For Beaver Builder – Lite
Name of the Vulnerable Software and Affected Versions: Ultimate Addons for Beaver Builder – Lite plugin for WordPress versions up to, and including, 1.5.7. Description: The issue is related to Stored Cross-Site Scripting via the Button widget due to insufficient input sanitization and output...
WordPress Button plugin <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode vulnerability
Authenticated (Contributor+) PHP Object Injection in button_shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Button versions <= 1.1.27...
CVE-2024-1872 Button <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode
The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...