CVE-2025-22574

CVE-2025-22574 describes a Stored Cross-Site Scripting (XSS) vulnerability in the ICS Button WordPress plugin. The issue is caused by improper neutralization of input during web page generation, enabling malicious scripts to be stored and served to users. Affected range: ICS Button from inception...

CVE-2025-22574 WordPress ICS Button plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cleanshooter ICS Button ics-button allows Stored XSS.This issue affects ICS Button: from n/a through = 0.6...

WordPress mcjh button shortcode plugin <= 1.6.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin mcjh button shortcode versions = 1.6.4...

WordPress ICS Button plugin <= 0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin ICS Button versions = 0.6...

PT-2025-4549 · Unknown · Mcjh Button Shortcode

Name of the Vulnerable Software and Affected Versions: mcjh button shortcode versions 1.6.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For...

WordPress plugin ICS Button 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress plugin mcjh button shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2025-4563 · Unknown · Ics Button

Name of the Vulnerable Software and Affected Versions: ICS Button versions 0.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. This enables attackers to inject malicious...

The surprising existence of the erase button on cockpit voice recorders

Introduction Safety and transparency are important in aviation. One tool that helps here is the Cockpit Voice Recorder CVR, which records audio from the cockpit during flights. It is crucial for accident investigations, helping authorities understand what happened before an incident. However, you...

PT-2025-42561

Name of the Vulnerable Software and Affected Versions mediawiki affected versions not specified Description The software contains a flaw related to the escaping of the submit button label for Codex-based HTML forms. This could potentially lead to issues with how the submit button is displayed or...

PT-2024-17322 · WordPress · Ninjateam Chat For Telegram

Name of the Vulnerable Software and Affected Versions: NinjaTeam Chat for Telegram plugin for WordPress version 1.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'njtele button' shortcode in the NinjaTeam Chat for Telegram plugin for WordPress. This...

PT-2024-17677 · WordPress · Wordpress Simple Shopping Cart

Name of the Vulnerable Software and Affected Versions: WordPress Simple Shopping Cart plugin versions up to and including 5.0.7 Description: The issue is related to stored Cross-Site Scripting XSS due to insufficient input sanitization and output escaping on user-supplied attributes. This allows...

WordPress MaxButtons plugin < 9.8.1 - Admin+ Stored XSS via Button Width vulnerability

Admin+ Stored XSS via Button Width vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin MaxButtons versions 9.8.1...

CVE-2024-8968

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...

CVE-2024-10555

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...

WordPress plugin WordPress Button Plugin MaxButtons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin WordPress Button Plugin MaxButtons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress...

WordPress plugin Spoki 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

PT-2024-17327 · WordPress · Spoki

Name of the Vulnerable Software and Affected Versions: Spoki – Chat Buttons and WooCommerce Notifications plugin for WordPress versions up to, and including, 2.15.14 Description: The issue is related to Stored Cross-Site Scripting via the plugin's spoki button shortcode due to insufficient input...

CVE-2024-12560

The Button Block – Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btnblockduplicatepost' function. This makes it possible for authenticated attackers, with Contributor-leve...