3 matches found
CVE-2021-24992
The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24992 Buttonizer - Smart Floating Action Button < 2.5.5 - Admin+ Stored Cross-Site Scripting
The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24992
The CVE-2021-24992 issue affects the WordPress Buttonizer (Smart Floating / Sticky Buttons) plugin for WordPress, prior to version 2.5.5. The root cause is failure to sanitise and escape certain parameters before outputting them in HTML attributes and pages, enabling stored Cross-Site Scripting b...