PT-2024-12476 · WordPress · Change Woocommerce Add To Cart Button Text

Name of the Vulnerable Software and Affected Versions: Change WooCommerce Add To Cart Button Text versions 1.3 and earlier Description: The issue affects the Change WooCommerce Add To Cart Button Text plugin, allowing exploitation of incorrectly configured access control security levels due to a...

WordPress CRUDLab Google Plus Button plugin <= 1.0.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin CRUDLab Google Plus Button versions = 1.0.2...

DRUPAL-CONTRIB-2024-072

This module provides a block that renders a link providing the functionality of a browser's back button. The module does not sufficiently escape text entered by an administrator, resulting in a cross scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a...

Browser Back Button - Moderately critical - Cross site scripting - SA-CONTRIB-2024-072

This module provides a block that renders a link providing the functionality of a browser's back button. The module does not sufficiently escape text entered by an administrator, resulting in a cross scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a...

Drupal Browser Back Button module 1.0.0-2.0.1 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Patrick Fey in WordPress Module Browser Back Button versions 1.0.0-2.0.1...

CVE-2023-49154

Missing Authorization vulnerability in Wow-Company Button Generator – easily Button Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8...

CVE-2023-47820

Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through 1.7.0...

CVE-2023-25454 WordPress Protected Posts Logout Button plugin <= 1.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5...

CVE-2023-25454

CVE-2023-25454 maps to the WordPress Protected Posts Logout Button plugin vulnerability (

CVE-2023-49154 WordPress Button Generator – easily Button Builder plugin <= 2.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Wow-Company Button Generator – easily Button Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8...

Malicious code in update-button-module (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-11480 Malicious code in update-button-module (npm)

--- -= Per source details. Do not edit below this line.=-...

WordPress plugin Button Generator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin WP Like Button 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-16921 · WordPress · Smart Popup Blaster

Name of the Vulnerable Software and Affected Versions: Smart PopUp Blaster plugin for WordPress versions up to, and including, 1.4.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode due to insufficient input sanitization and output escaping ...

WordPress plugin Smart PopUp Blaster 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVE-2024-11813

The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the aminchatbuttonsettingspage function. This makes it possible for unauthenticated attackers to update...

CVE-2024-11813 Pulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the aminchatbuttonsettingspage function. This makes it possible for unauthenticated attackers to update...

CVE-2024-11813 Pulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the aminchatbuttonsettingspage function. This makes it possible for unauthenticated attackers to update...

CVE-2024-11813

CVE-2024-11813 affects the WordPress plugin Pulsating Chat Button (versions ≤ 1.3.6). The flaw is a Cross-Site Request Forgery that exploits missing nonce validation in amin_chat_button_settings_page(), allowing an unauthenticated attacker to trigger actions that update plugin settings and inject...