2670 matches found
CVE-2023-40735
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cavo – Connecting for a Safer World BUTTERFLY BUTTON Architecture flaw allows loss of plausible deniability and confidentiality.This issue affects BUTTERFLY BUTTON: As of 2023-08-21...
CVE-2025-23632
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rhizome Networks CG Button content-glass-button allows Reflected XSS.This issue affects CG Button: from n/a through = 1.0.5.6...
CVE-2025-23839
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Asif Shakeel Sticky Button sticky-chat-button allows Stored XSS.This issue affects Sticky Button: from n/a through = 1.0...
CVE-2025-23471
Cross-Site Request Forgery CSRF vulnerability in etemplates ECT Add to Cart Button ect-add-to-cart-button allows Stored XSS.This issue affects ECT Add to Cart Button: from n/a through = 1.4...
CVE-2025-23758
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pootlepress Pootle button pootle-button allows Reflected XSS.This issue affects Pootle button: from n/a through = 1.2.0...
CVE-2025-66686
A stored Cross-Site Scripting XSS vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
CVE-2025-66686
A stored Cross-Site Scripting XSS vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
CVE-2025-66686
A stored Cross-Site Scripting XSS vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
CVE-2025-14113
The Viitor Button Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' shortcode attribute in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14113
The CVE CVE-2025-14113 affects Viitor Button Shortcodes for WordPress (plugin Viitor Button Shortcodes). It is a Stored Cross-Site Scripting (XSS) vulnerability via the link shortcode attribute that affects all versions up to and including 3.0.0, caused by insufficient input sanitization and outp...
CVE-2025-14113 Viitor Button Shortcodes <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute
The Viitor Button Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' shortcode attribute in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14113 Viitor Button Shortcodes <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute
The Viitor Button Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' shortcode attribute in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-2220
The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2460
The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipressbutton' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
Perch CMS 安全漏洞
Perch CMS is a content management system from Perch. A security vulnerability exists in Perch CMS version 3.2, which stems from a stored cross-site script in the Help button url setting in the admin panel, which could lead to session hijacking, information disclosure, elevation of privilege, or...
CVE-2025-66686
A stored Cross-Site Scripting XSS vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
CVE-2025-66686
A stored Cross-Site Scripting XSS vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...
PT-2026-1860
Name of the Vulnerable Software and Affected Versions Perch CMS version 3.2 Description A stored Cross-Site Scripting XSS issue exists in Perch CMS. An attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The...
WordPress plugin Viitor Button Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2026-1622
Name of the Vulnerable Software and Affected Versions Viitor Button Shortcodes plugin for WordPress versions up to and including 3.0.0 Description The Viitor Button Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting through the link shortcode attribute. Insufficient inp...