Lucene search
K

4 matches found

NVD
NVD
added 2024/03/18 7:15 p.m.29 views

CVE-2024-0711

The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

6.1CVSS5.6AI score0.00413EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/03/18 7:5 p.m.25 views

CVE-2024-0711 Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode

The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.8AI score0.00413EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/03/18 7:5 p.m.16 views

CVE-2024-0711 Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode

The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.9AI score0.00413EPSS
Exploits2References1
CVE
CVE
added 2024/03/18 7:5 p.m.75 views

CVE-2024-0711

The CVE-2024-0711 issue affects the WordPress plugin Buttons Shortcode and Widget (versions up to 1.16). The vulnerability stems from failure to validate and escape certain shortcode attributes before output, enabling a Stored XSS when the shortcode is embedded in posts/pages. Impact scope includ...

6.1CVSS6AI score0.00413EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder