CVE-2024-50414

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Buttonizer Button contact VR button-contact-vr allows Stored XSS.This issue affects Button contact VR: from n/a through = 4.7.9.1...

WordPress Buttonizer Plugin < 3.3.10 is vulnerable to Cross Site Scripting (XSS)

Software Buttonizer Type Plugin Vulnerable versions 3.3.10 Fixed in 3.3.10 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5c5ce971d99e Credits Rafie Muhammad Patchstack Required...

WordPress Buttonizer plugin < 2.6.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Buttonizer plugin versions 2.6.3. Solution Update the WordPress Buttonizer plugin to the latest available version at least 2.6.3...

WordPress Buttonizer plugin < 2.6.3 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Buttonizer plugin versions 2.6.3. Solution Update the WordPress Buttonizer plugin to the latest available version at least 2.6.3...

WordPress Buttonizer-Smart Floating Action Button plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. buttonizer-Smart Floating Action Button plugin has a cross-site scripting vulnerability in versions prior to 2.5.5,...

CVE-2021-24992 Buttonizer - Smart Floating Action Button < 2.5.5 - Admin+ Stored Cross-Site Scripting

The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

WordPress Buttonizer plugin <= 2.5.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Dipak Panchal in WordPress Buttonizer plugin versions = 2.5.4. Solution Update the WordPress Buttonizer plugin to the latest available version at least 2.5.5...

Buttonizer - Smart Floating Action Button < 2.5.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Add/edit a new button, set its Button action to "Website...

Buttonizer - Smart Floating Action Button < 2.5.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add/edit a new button, set its Button action to "Website URL"...