2673 matches found
CVE-2023-47829
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Codez Quick Call Button plugin = 1.2.9 versions...
CVE-2023-41131
Cross-Site Request Forgery CSRF vulnerability in Jonk @ Follow me Darling Sptify Play Button for WordPress plugin = 2.10 versions...
CVE-2023-23867
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Gautam Thapar Button Builder – Buttons X plugin = 0.8.6 versions...
CVE-2023-49155
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Button Generator – easily Button Builder.This issue affects Button Generator – easily Button Builder: from n/a through 2.3.8...
CVE-2023-27445
Cross-Site Request Forgery CSRF vulnerability in Meril Inc. Blog Floating Button plugin = 1.4.12 versions...
CVE-2023-51683
Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.This issue affects Easy PayPal & Stripe Buy Now Button: from n/a through 1.8.1...
CVE-2023-46613
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Jens Kuerschner Add to Calendar Button plugin = 1.5.1 versions...
CVE-2023-28933
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in StPeteDesign Call Now Accessibility Button plugin = 1.1 versions...
CVE-2023-31088
Cross-Site Request Forgery CSRF vulnerability in Faraz Quazi Floating Action Button plugin = 1.2.1 versions...
CVE-2023-22686
Cross-Site Request Forgery CSRF vulnerability in TriniTronic Nice PayPal Button Lite plugin = 1.3.5 versions...
CVE-2023-48768
Cross-Site Request Forgery CSRF vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology.This issue affects Quantity Plus Minus Button for WooCommerce by CodeAstrology: from n/a through 1.1.9...
CVE-2023-3922
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page...
CVE-2023-32292
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in GetButton Chat Button by GetButton.Io plugin = 1.8.9.4 versions...
CVE-2023-2635
The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-25783
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Alex Moss FireCask Like & Share Button plugin = 1.1.5 versions...
CVE-2023-2078
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recievepost, bmcdisconnect, namepost, and widgetpost functions in versions up to, and including, 3.7. This makes it possible for...
CVE-2023-1840
The Sptify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2023-27452
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Wow-Company Button Generator – easily Button Builder plugin = 2.3.3 versions...
CVE-2023-27643
An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library...
CVE-2023-51399
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3...