EUVD-2025-19682

Malicious code in bioql PyPI...

CVE-2025-6687

The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on the 'icon' user supplied attributes. This makes it...

CVE-2025-6687

The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-6686

The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on the 'text' user supplied attribute. This makes it...

CVE-2025-6686 Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode

The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on the 'text' user supplied attribute. This makes it...

CVE-2025-6686 Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode

The Magic Buttons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's magic-button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-6686

The WordPress plugin Magic Buttons for Elementor is affected by a stored cross-site scripting (XSS) flaw in the magic-button shortcode due to insufficient input sanitization and output escaping of user-supplied attributes. Affected versions include all up to 1.0; PT-Security notes versions prior ...

CVE-2025-6687

The CVE concerns the WordPress plugin Magic Buttons for Elementor . Affected: the plugin’s magic-button shortcode in all versions up to 1.0. Root cause: insufficient input sanitization and output escaping on user-supplied attributes, enabling a Stored Cross-Site Scripting (Stored XSS) vulnerabili...

WordPress plugin Magic Buttons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Magic Buttons for Elementor that stems from insufficient input cleanup and output escaping of user-supplied...

WordPress plugin Magic Buttons for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress Magic Buttons for Elementor, which stems from insufficient input cleanup and output escaping of user-supplied...

PT-2025-27596 · WordPress · Magic Buttons For Elementor

Name of the Vulnerable Software and Affected Versions: Magic Buttons for Elementor plugin for WordPress versions prior to 1.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the plugin's...

PT-2025-27597 · WordPress · Magic Buttons For Elementor

Name of the Vulnerable Software and Affected Versions: Magic Buttons for Elementor plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...