136 matches found
CVE-2023-7029
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2023-6594
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2014-125092
A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. This issue affects the function maxbuttonsstrippx of the file includes/maxbuttons-button.php. The manipulation of the argument buttonid leads to cross site scripting. The attack may be initiate...
CVE-2025-39444
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maxfoundry MaxButtons maxbuttons allows Stored XSS.This issue affects MaxButtons: from n/a through = 9.8.3...
CVE-2025-39444
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maxfoundry MaxButtons maxbuttons allows Stored XSS.This issue affects MaxButtons: from n/a through = 9.8.3...
CVE-2025-39444
CVE-2025-39444 – WordPress MaxButtons plugin
CVE-2025-39444 WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maxfoundry MaxButtons allows Stored XSS.This issue affects MaxButtons: from n/a through 9.8.3...
CVE-2025-39444 WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maxfoundry MaxButtons maxbuttons allows Stored XSS.This issue affects MaxButtons: from n/a through = 9.8.3...
WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Ayato Shitomi @ Fore-Z co.ltd in WordPress Plugin MaxButtons versions = 9.8.3...
WordPress plugin MaxButtons 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin... A cross-site scriptin...
PT-2025-17011 · Unknown · Maxbuttons
Name of the Vulnerable Software and Affected Versions: MaxButtons versions through 9.8.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means an attacker can inject malicious scrip...
WordPress MaxButtons plugin < 9.8.1 - Admin+ Stored XSS via Button Width vulnerability
Admin+ Stored XSS via Button Width vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin MaxButtons versions 9.8.1...
CVE-2024-8968
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...
CVE-2024-8968
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...
CVE-2024-10555
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...
CVE-2024-10555
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...
CVE-2024-8968
CVE-2024-8968 affects WordPress Button Plugin MaxButtons, where versions prior to 9.8.1 fail to properly sanitize and escape certain settings. This enables a high-privilege user (e.g., an admin) to perform a Stored Cross-Site Scripting (Stored XSS) attack, even when unfiltered_html is disallowed ...
CVE-2024-8968 MaxButtons < 9.8.1 - Admin+ Stored XSS via Text Color
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...
CVE-2024-10555 MaxButtons < 9.8.1 - Admin+ Stored XSS via Button Width
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...
CVE-2024-10555
CVE-2024-10555 affects the MaxButtons WordPress Button Plugin (MaxButtons) for versions prior to 9.8.1. The issue arises because certain plugin settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as ...