PT-2025-4701 · Bplugins Llc · Button Block

Name of the Vulnerable Software and Affected Versions: bPlugins LLC Button Block versions 1.1.5 and earlier Description: The issue is related to missing authorization in bPlugins LLC Button Block, allowing access to functionality not properly constrained by Access Control Lists ACLs. This means...

WordPress Button Block plugin <= 1.1.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Button Block versions = 1.1.5...

WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.4.2 - Authenticated (contributor+) Stored Cross-Site Scripting via Button Link vulnerability

Authenticated contributor+ Stored Cross-Site Scripting via Button Link vulnerability discovered by zer0gh0st in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.4.2...

CVE-2024-13308

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Browser Back Button allows Cross-Site Scripting XSS.This issue affects Browser Back Button: from 1.0.0 before 2.0.2...

CVE-2024-13308

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Browser Back Button allows Cross-Site Scripting XSS.This issue affects Browser Back Button: from 1.0.0 before 2.0.2...

CVE-2024-13308 Browser Back Button - Moderately critical - Cross site scripting - SA-CONTRIB-2024-072

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Browser Back Button allows Cross-Site Scripting XSS.This issue affects Browser Back Button: from 1.0.0 before 2.0.2...

CVE-2024-13308 Browser Back Button - Moderately critical - Cross site scripting - SA-CONTRIB-2024-072

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Browser Back Button allows Cross-Site Scripting XSS.This issue affects Browser Back Button: from 1.0.0 before 2.0.2...

CVE-2024-13308

CVE-2024-13308 affects the Drupal Browser Back Button module. The vulnerability is an improper neutralization of input during web page generation (XSS) in the module’s back-button block, stemming from insufficient escaping of administrator-entered text. Affected versions: 1.0.0–2.0.2. Impact desc...

CVE-2025-22815

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Button Block button-block allows Stored XSS.This issue affects Button Block: from n/a through = 1.1.9...

CVE-2025-22815

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins LLC Button Block allows Stored XSS.This issue affects Button Block: from n/a through 1.1.6...

CVE-2025-22815 WordPress Button Block plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Button Block button-block allows Stored XSS.This issue affects Button Block: from n/a through = 1.1.9...

PT-2025-2032 · WordPress · Unlimited Elements For Elementor

Name of the Vulnerable Software and Affected Versions: Unlimited Elements For Elementor plugin for WordPress versions up to, and including, 1.5.135 Description: The issue is related to Stored Cross-Site Scripting via multiple widgets due to insufficient input sanitization and output escaping on...

WordPress plugin Button Block 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2025-4724 · Bplugins Llc · Button Block

Name of the Vulnerable Software and Affected Versions: bPlugins LLC Button Block versions 1.1.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. Recommendations: For bPlugin...

WordPress Button Block plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Yusuf Patchstack Alliance in WordPress Plugin Button Block versions = 1.1.9...

CVE-2025-22574

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cleanshooter ICS Button ics-button allows Stored XSS.This issue affects ICS Button: from n/a through = 0.6...

CVE-2025-22558

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through = 1.6.4...

CVE-2025-22558 WordPress mcjh button shortcode plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through = 1.6.4...

CVE-2025-22558

CVE-2025-22558 affects the WordPress plugin mcjh button shortcode . The vulnerability is described as an stored Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation, impacting the mcjh button shortcode from version n/a up to 1.6.4. The CVSS metrics in the ...

CVE-2025-22558 WordPress mcjh button shortcode plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus C. J. Hartmann mcjh button shortcode mcjh-button-shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through = 1.6.4...