Cross-site Scripting (XSS)
Overview: react-draft-wysiwyg is a wysiwyg on top of DraftJS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Embedded button which will then result in saving the payload in the tag. Details: Cross-site scripting (XSS) is a code vulnerability that occurs whe...
WordPress Elementor Button Plus plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Elementor Button Plus versions <= 1.3.9...
CVE-2024-6485
A vulnerability was found in bootstrap associated with the data-loading-text attribute within the button plugin. This vulnerability allows malicious JavaScript code to be injected into the attribute, which is then executed when the button's loading state is triggered...
CVE-2024-11192
The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress plugin Spotify Play Button Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-16809 · WordPress · Spotify Play Button
Name of the Vulnerable Software and Affected Versions: Spotify Play Button for WordPress plugin versions up to and including 2.11 Description: The issue concerns Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...
openSUSE Security Advisory (SUSE-SU-2024:4050-1)
The remote host is missing an update for the...
WordPress Sp*tify Play Button for WordPress plugin <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Sp*tify Play Button for WordPress versions <= 2.11...
CVE-2024-10116
The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-10116 Twitter Follow Button <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter
The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-10116
The CVE-2024-10116 entry concerns the Twitter Follow Button plugin for WordPress (affected versions: all up to 0.2). It describes a Stored Cross-Site Scripting vulnerability via the username parameter, caused by insufficient input sanitization and output escaping. Exploitation requires authentica...
WordPress plugin Twitter Follow Button Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
WordPress Twitter Follow Button plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter vulnerability discovered by Francesco Carlucci in WordPress Plugin Twitter Follow Button versions <= 0.2...
WordPress Google Plus Share and +1 Button Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Google Plus Share and +1 Button; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-53723; Patch priority: Low; CVSS severity: Low 7.1; PSID: 1172091fa78a; Credits: SOPROBR...
WordPress Twitter Follow Button Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
Software: Twitter Follow Button; Type: Plugin; Vulnerable versions: <= 0.2; Fixed in: 0.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10116; Patch priority: Low; CVSS severity: Low 6.5; PSID: c7792e36646e; Credits: Francesco Carlucci...
PT-2024-16038 · WordPress · Twitter Follow Button
Name of the Vulnerable Software and Affected Versions: Twitter Follow Button plugin for WordPress versions up to, and including, 0.2 Description: The issue is related to Stored Cross-Site Scripting via the username parameter due to insufficient input sanitization and output escaping. This allows...
WordPress Button Block plugin <= 1.1.4 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Button Block versions <= 1.1.4...
CVE-2024-10671
The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the btnblock shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...
CVE-2024-10671 Button Block – Get fully customizable & multi-functional buttons <= 1.1.4 - Authenticated (Contributor+) Post Disclosure
The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the btnblock shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...