WordPress Button Plugin <= 1.1.27 is vulnerable to PHP Object Injection

Software Button Type Plugin Vulnerable versions = 1.1.27 Fixed in 1.1.28 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1872 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID d7ad40b2deb7 Credits Francesco Carlucci Required privilege...

WordPress Plugin Button 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2024-18380 · WordPress · The Button

Name of the Vulnerable Software and Affected Versions: The Button plugin for WordPress versions up to, and including, 1.1.28 Description: The issue is related to PHP Object Injection via deserialization of untrusted input in the button shortcode function. This allows authenticated attackers with...

Simple Buttons Creator <= 1.04 - Aribtrary Button Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks Make a logged in admin open a page with the code below where is an existing button:...

CVE-2024-2131

The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2024-18853 · WordPress · Move Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Move Addons for Elementor plugin for WordPress versions up to, and including, 1.2.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's infobox and button widget due to insufficient input sanitization and output...

CVE-2024-2460

The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipressbutton' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2460

The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipressbutton' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2460

The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipressbutton' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2460 GamiPress – Button <= 1.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipressbutton' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-2460

Summary: The WordPress plugin GamiPress – Button is affected by a stored XSS via the shortcode gamipress_button in versions up to 1.0.7, due to insufficient input sanitization and output escaping. This can be exploited by authenticated users with contributor-level permissions or higher to inject ...

WordPress Plugin UX Flat Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-20471 · WordPress · Ux Flat

Name of the Vulnerable Software and Affected Versions: UX Flat plugin for WordPress versions up to, and including, 4.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'button' shortcode due to insufficient input sanitization and output escaping on user-supplied...

WordPress GamiPress – Button Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS)

Software GamiPress – Button Type Plugin Vulnerable versions = 1.0.7 Fixed in 1.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2460 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 46fbe1f93240 Credits Francesco Carlucci...

GamiPress – Button < 1.0.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipressbutton' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

PT-2024-20478 · WordPress · Gamipress

Name of the Vulnerable Software and Affected Versions: GamiPress – Button plugin for WordPress versions up to, and including, 1.0.7 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin...

PT-2024-20525 · WordPress · Standout Color Boxes/Buttons

Name of the Vulnerable Software and Affected Versions: The Standout Color Boxes and Buttons plugin for WordPress versions up to, and including, 0.7.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode due to insufficient input sanitization a...

CVE-2024-28237 OctoPrint XSS via the "Snapshot Test" feature in Classic Webcam plugin settings

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...

GO-2024-2539 Cross-site request forgery via logout button in github.com/mattermost/mattermost-plugin-jira

Cross-site request forgery via logout button in github.com/mattermost/mattermost-plugin-jira...

WordPress Plugin ElementsKit Elementor addons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...