2673 matches found
EUVD-2025-201518
The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-13907
The CSS3 Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-13898
The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnid' parameter of the ultraskype shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2025-13857 Yet Another WebClap for WordPress <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-13857 Yet Another WebClap for WordPress <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclapbutton shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-13907 CSS3 Buttons <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The CSS3 Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-13898
The Ultra Skype Button WordPress plugin (Ultra Skype Button, Plugin Slug: ultra-skype-button) is affected by CVE-2025-13898: a Stored Cross-Site Scripting vulnerability in the btn_id attribute of the [ultra_skype] shortcode. Affects all versions up to 1.0. Root cause: insufficient input sanitizat...
CVE-2025-13898 Ultra Skype Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute
The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btnid' parameter of the ultraskype shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
PT-2025-49353
The CSS3 Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-49351
The Ultra Skype Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn id' parameter of the ultra skype shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
WordPress plugin Ultra Skype Button 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-49347
The Yet Another WebClap for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' parameter of the webclap button shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Ultra Skype Button plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'btnid' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Ultra Skype Button versions = 1.0...
XSS in Bootstrap button component
...
MAL-2025-190973 Malicious code in itobuz-angular-button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a1e5a2f36eaf45beca864b2fa27d356d6d087ab2083dae3a6fab3dc08561357 The package itobuz-angular-button was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199070
Malicious code in itobuz-angular-button npm...
Malicious code in itobuz-angular-button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5a1e5a2f36eaf45beca864b2fa27d356d6d087ab2083dae3a6fab3dc08561357 The package itobuz-angular-button was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190970 Malicious code in ito-button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9cf5ba13f206c5d1d757c2cf05286ee560131e1fcb7075df3f36ebb148077f3 The package ito-button was found to contain malicious code. Source: ghsa-malware 03f8f135ee783bb27854daa06728ae760fbffe751ad120740d501a29f4b1a68a Any...
EUVD-2025-199073
Malicious code in ito-button npm...
Malicious code in ito-button (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9cf5ba13f206c5d1d757c2cf05286ee560131e1fcb7075df3f36ebb148077f3 The package ito-button was found to contain malicious code. Source: ghsa-malware 03f8f135ee783bb27854daa06728ae760fbffe751ad120740d501a29f4b1a68a Any...