136 matches found
CVE-2026-13245
The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-13245 MaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' Parameter
The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-13245
The CVE-2026-13245 entry concerns the WordPress plugin MaxButtons – Create buttons, vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to 9.8.5. The root cause is insufficient input sanitization and output escaping, enabling unauthenticated attackers to injec...
EUVD-2026-39944
The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-13245
The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2026-53046
Name of the Vulnerable Software and Affected Versions MaxButtons – Create buttons plugin for WordPress versions prior to 9.8.6 Description Reflected Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary we...
WordPress MaxButtons plugin < 9.8.1 - Admin+ Stored XSS via Text Color vulnerability
Admin+ Stored XSS via Text Color vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin MaxButtons versions 9.8.1...
EUVD-2014-1260
Malware in sbrugna...
EUVD-2017-11352
Malware in sbrugna...
EUVD-2022-41272
Malicious code in bioql PyPI...
EUVD-2022-39062
Malicious code in bioql PyPI...
EUVD-2024-47584
Malicious code in bioql PyPI...
EUVD-2023-40452
Malicious code in bioql PyPI...
EUVD-2025-11568
Malicious code in bioql PyPI...
EUVD-2023-58818
Malicious code in bioql PyPI...
EUVD-2023-59220
Malicious code in bioql PyPI...
CVE-2024-3026
The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...
CVE-2024-6499
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other...
CVE-2024-8968
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...
CVE-2024-10555
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...