CVE-2024-1392

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

CVE-2024-1761

The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'. This makes it...

CVE-2024-1057

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuitebutton' shortcode in all versions up to, and including, 2.8.1 due to insufficient input...

CVE-2024-1157

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and...

CVE-2024-10851

The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to injec...

CVE-2024-10671

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the btnblock shortcode due to insufficient restrictions on which posts can be included. This makes it possible for...

CVE-2024-10116

The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-10168

The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wootbutton shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user...

CVE-2024-9505

The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2024-11192

The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-11813

The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.1. This is due to missing or incorrect nonce validation on the aminchatbuttonsettingspage function. This makes it possible for unauthenticated attackers to update...

CVE-2024-37217

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ProWCPlugins Empty Cart Button for WooCommerce allows Stored XSS.This issue affects Empty Cart Button for WooCommerce: from n/a through 1.3.8...

CVE-2024-53746

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FlickDevs Elementor Button Plus fd-elementor-button-plus allows Stored XSS.This issue affects Elementor Button Plus: from n/a through = 1.3.9...

CVE-2024-53745

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 코스모스팜 - Cosmosfarm 소셜 공유 버튼 By 코스모스팜 cosmosfarm-share-buttons allows Stored XSS.This issue affects 소셜 공유 버튼 By 코스모스팜: from n/a through = 1.9...

CVE-2024-11841

The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-51866

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in riponshah Social button social-button allows Stored XSS.This issue affects Social button: from n/a through = 1.3...

CVE-2024-50414

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Buttonizer Button contact VR button-contact-vr allows Stored XSS.This issue affects Button contact VR: from n/a through = 4.7.9.1...

CVE-2023-52149

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0...

CVE-2023-21280

In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-30491

Unauth. Reflected Cross-Site Scripting XSS vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin = 2.1.8 versions...