CVE-2024-11813 Pulsating Chat Button <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the aminchatbuttonsettingspage function. This makes it possible for unauthenticated attackers to update...

WordPress plugin Pulsating Chat Button 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

PT-2024-10135 · Drupal · Drupal Browser Back Button

Name of the Vulnerable Software and Affected Versions: Drupal Browser Back Button versions 1.0.0 through 2.0.2 Description: The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting XSS. This can enable a remote attacker to conduct...

WordPress Pulsating Chat Button plugin <= 1.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Pulsating Chat Button versions = 1.4.1...

CVE-2024-52489

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in udidol Add Chat App Button add-whatsapp-button allows Stored XSS.This issue affects Add Chat App Button: from n/a through = 2.1.5...

CVE-2024-52489 WordPress Add Chat App Button plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in udidol Add Chat App Button add-whatsapp-button allows Stored XSS.This issue affects Add Chat App Button: from n/a through = 2.1.5...

CVE-2024-52489

CVE-2024-52489 refers to a stored XSS vulnerability in the WordPress plugin Add Chat App Button (versions &lt;= 2.1.5). The issue arises from improper input neutralization during web page generation, enabling injected scripts. Affected software: WordPress Add Chat App Button plugin

CVE-2024-53723 WordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in acbaltaci Google Plus Share and +1 Button google-plus-share-and-plusone-button allows Stored XSS.This issue affects Google Plus Share and +1 Button: from n/a through = 1.0...

CVE-2024-53723

CVE-2024-53723 refers to a Cross-Site Request Forgery (CSRF) that enables Stored XSS in the WordPress plugin Google Plus Share and +1 Button . The advisory states the issue affects versions from n/a through 1.0. The provided documents do not specify a vendor patch, mitigation, or exploit details....

CVE-2024-53723 WordPress Google Plus Share and +1 Button plugin <= 1.0 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in acbaltaci Google Plus Share and +1 Button google-plus-share-and-plusone-button allows Stored XSS.This issue affects Google Plus Share and +1 Button: from n/a through = 1.0...

WordPress plugin Google Plus Share and +1 Button 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress plugin Add Chat App Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

PT-2024-35329 · Udi Dollberg · Add Chat App Button

Name of the Vulnerable Software and Affected Versions: Udi Dollberg Add Chat App Button versions 2.1.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. This enables potentia...

PT-2024-35831 · Unknown · Google Plus Share/+1 Button

Name of the Vulnerable Software and Affected Versions: A.Cihangir BALTACI Google Plus Share and +1 Button versions n/a through 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the Google Plus Share and +1 Button. This means an attacker can...

CVE-2024-53745

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 코스모스팜 – Cosmosfarm 소셜 공유 버튼 By 코스모스팜 cosmosfarm-share-buttons allows Stored XSS.This issue affects 소셜 공유 버튼 By 코스모스팜: from n/a through = 1.9...

CVE-2024-53746

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FlickDevs Elementor Button Plus fd-elementor-button-plus allows Stored XSS.This issue affects Elementor Button Plus: from n/a through = 1.3.9...

CVE-2024-53746 WordPress Elementor Button Plus plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FlickDevs Elementor Button Plus fd-elementor-button-plus allows Stored XSS.This issue affects Elementor Button Plus: from n/a through = 1.3.9...

WordPress plugin Elementor Button Plus 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-35854 · 코스모스팜 · Cosmosfarm 소셜 공유 버튼

Name of the Vulnerable Software and Affected Versions: 코스모스팜 – Cosmosfarm 소셜 공유 버튼 By 코스모스팜 versions n/a through 1.9 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS. Recommendations: F...

PT-2024-35855 · Elementor · Elementor Button Plus

Name of the Vulnerable Software and Affected Versions: Elementor Button Plus versions 1.3.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject...