4 matches found
CVE-2024-0711
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2024-0711 Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2024-0711 Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2024-0711
The CVE-2024-0711 issue affects the WordPress plugin Buttons Shortcode and Widget (versions up to 1.16). The vulnerability stems from failure to validate and escape certain shortcode attributes before output, enabling a Stored XSS when the shortcode is embedded in posts/pages. Impact scope includ...