2 matches found
CVE-2025-6687
The CVE concerns the WordPress plugin Magic Buttons for Elementor . Affected: the plugin’s magic-button shortcode in all versions up to 1.0. Root cause: insufficient input sanitization and output escaping on user-supplied attributes, enabling a Stored Cross-Site Scripting (Stored XSS) vulnerabili...
WordPress Magic Buttons for Elementor plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via magic-button Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin Magic Buttons for Elementor versions = 1.0...