2673 matches found

NVD
added 2025/01/21 5:15 p.m. · 8 views

CVE-2025-24018

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the conten...

7.6 CVSS · 0.00203 EPSS
Exploits: 1 · References: 3

CNNVD
added 2025/01/21 12:0 a.m. · 1 view

WordPress plugin FireCask Like & Share Button cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

6.4 CVSS · 7.9 AI score · 0.00225 EPSS
Exploits: 0 · References: 5

CVE
added 2025/01/17 4:30 a.m. · 44 views

CVE-2024-13401

CVE-2024-13401 affects the WordPress PayPal Payment Button plugin up to version 1.2.3.35. The vulnerability is a Stored XSS in the wp_paypal_checkout shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authenticated access at ...

6.4 CVSS · 5.7 AI score · 0.00511 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2025/01/17 12:0 a.m. · 2 views

PT-2025-2157 · WordPress · Payment Button For Paypal

Name of the Vulnerable Software and Affected Versions: Payment Button for PayPal plugin for WordPress versions up to, and including, 1.2.3.35.
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the wp paypal checkout shortcode. Thi...

6.4 CVSS · 9.2 AI score · 0.00511 EPSS
Exploits: 1 · References: 9

BDU FSTEC
added 2025/01/17 12:0 a.m. · 3 views

The vulnerability of the Drupal CMS system’s Browser Back Button module, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Drupal CMS system’s Browser Back Button feature is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

5.5 CVSS · 5.2 AI score · 0.00237 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2025/01/16 8:15 p.m. · 3 views

CVE-2025-23471

Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Add to Cart Button ect-add-to-cart-button allows Stored XSS. This issue affects ECT Add to Cart Button: from n/a through <= 1.4...

7.1 CVSS · 0.00055 EPSS
Exploits: 0 · References: 1

CVE
added 2025/01/16 8:6 p.m. · 44 views

CVE-2025-23471

CVE-2025-23471 describes a CSRF weakness in the ECT Add to Cart Button (Andy Chapman) that can lead to Stored XSS. Affected product: ECT Add to Cart Button; affected range: up to version 1.4 (from n/a through 1.4). Connected sources confirm the same description but do not provide technical detail...

7.1 CVSS · 7.2 AI score · 0.00055 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/01/16 8:6 p.m. · 3 views

CVE-2025-23471 WordPress ECT Add to Cart Button plugin <= 1.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Add to Cart Button allows Stored XSS. This issue affects ECT Add to Cart Button: from n/a through 1.4...

7.1 CVSS · 6.8 AI score · 0.00055 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/01/16 8:6 p.m. · 13 views

CVE-2025-23471 WordPress ECT Add to Cart Button plugin <= 1.4 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in etemplates ECT Add to Cart Button ect-add-to-cart-button allows Stored XSS. This issue affects ECT Add to Cart Button: from n/a through <= 1.4...

7.1 CVSS · 0.00055 EPSS
Exploits: 0 · References: 1

Patchstack
added 2025/01/16 7:15 p.m. · 3 views

WordPress Payment Button for PayPal plugin <= 1.2.3.35 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by yudha in WordPress Plugin Payment Button for PayPal versions <= 1.2.3.35...

6.4 CVSS · 5.7 AI score · 0.00511 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Patchstack
added 2025/01/16 6:42 p.m. · 2 views

WordPress Sticky Button plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Sticky Button versions <= 1.0...

7.1 CVSS · 6.1 AI score · 0.00131 EPSS
Exploits: 0 · Affected Software: 1

Patchstack
added 2025/01/16 6:42 p.m. · 3 views

WordPress pootle button plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Pootle button versions <= 1.2.0...

7.1 CVSS · 6.1 AI score · 0.00232 EPSS
Exploits: 0 · Affected Software: 1

Patchstack
added 2025/01/16 6:42 p.m. · 2 views

WordPress Random Posts, Mp3 Player + ShareButton plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Random Posts, Mp3 Player + ShareButton versions <= 1.4.1...

7.1 CVSS · 6.1 AI score · 0.00082 EPSS
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2025/01/16 12:0 a.m. · 2 views

PT-2025-4896 · Unknown · Ect Add To Cart Button

Name of the Vulnerable Software and Affected Versions: ECT Add to Cart Button versions 1.4 and earlier.
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

7.1 CVSS · 9 AI score · 0.00055 EPSS
Exploits: 0 · References: 3

CNNVD
added 2025/01/16 12:0 a.m. · 1 view

WordPress plugin ECT Add to Cart Button cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin ECT Add t...

7.1 CVSS · 8.1 AI score · 0.00055 EPSS
Exploits: 0 · References: 1

NVD
added 2025/01/15 4:15 p.m. · 9 views

CVE-2025-22787

Missing Authorization vulnerability in bPlugins Button Block button-block allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Button Block: from n/a through <= 1.1.5...

8.8 CVSS · 0.00291 EPSS
Exploits: 0 · References: 1

OSV
added 2025/01/15 4:15 p.m. · 1 view

CVE-2025-22787

Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Button Block: from n/a through 1.1.5...

8.8 CVSS · 7.3 AI score
Exploits: 0 · References: 1

CVE
added 2025/01/15 3:23 p.m. · 56 views

CVE-2025-22787

CVE-2025-22787 is a Missing Authorization vulnerability in the WordPress plugin Button Block by bPlugins LLC, affecting versions up to 1.1.5. Per the provided documents, the CVE is associated with access to functions not properly constrained by ACLs, with a CVSS v3.1 base score of 8.8 (High), a...

8.8 CVSS · 7.2 AI score · 0.00291 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2025/01/15 12:0 a.m. · 2 views

WordPress plugin Button Block security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

8.8 CVSS · 8.1 AI score · 0.00291 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/01/15 12:0 a.m. · 3 views

PT-2025-4701 · Bplugins Llc · Button Block

Name of the Vulnerable Software and Affected Versions: bPlugins LLC Button Block versions 1.1.5 and earlier.
Description: The issue is related to missing authorization in bPlugins LLC Button Block, allowing access to functionality not properly constrained by Access Control Lists (ACLs). This means...

8.8 CVSS · 9.2 AI score · 0.00291 EPSS
Exploits: 0 · References: 7