Lucene search
K

136 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:30 a.m.11 views

CVE-2023-7029

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6.1AI score0.00399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:8 a.m.13 views

CVE-2023-6594

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS5.8AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:24 a.m.21 views

CVE-2014-125092

A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. This issue affects the function maxbuttonsstrippx of the file includes/maxbuttons-button.php. The manipulation of the argument buttonid leads to cross site scripting. The attack may be initiate...

6.1CVSS6.3AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 11:10 p.m.26 views

CVE-2025-39444

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maxfoundry MaxButtons maxbuttons allows Stored XSS.This issue affects MaxButtons: from n/a through = 9.8.3...

5.9CVSS7.2AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2025/04/17 4:15 p.m.25 views

CVE-2025-39444

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maxfoundry MaxButtons maxbuttons allows Stored XSS.This issue affects MaxButtons: from n/a through = 9.8.3...

5.9CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2025/04/17 3:16 p.m.60 views

CVE-2025-39444

CVE-2025-39444 – WordPress MaxButtons plugin

5.9CVSS7.2AI score0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:16 p.m.9 views

CVE-2025-39444 WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maxfoundry MaxButtons allows Stored XSS.This issue affects MaxButtons: from n/a through 9.8.3...

5.9CVSS6.1AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 3:16 p.m.34 views

CVE-2025-39444 WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in maxfoundry MaxButtons maxbuttons allows Stored XSS.This issue affects MaxButtons: from n/a through = 9.8.3...

5.9CVSS0.00246EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/17 9:33 a.m.12 views

WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ayato Shitomi @ Fore-Z co.ltd in WordPress Plugin MaxButtons versions = 9.8.3...

5.9CVSS6.9AI score0.00246EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.4 views

WordPress plugin MaxButtons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin... A cross-site scriptin...

5.9CVSS6.2AI score0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.11 views

PT-2025-17011 · Unknown · Maxbuttons

Name of the Vulnerable Software and Affected Versions: MaxButtons versions through 9.8.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means an attacker can inject malicious scrip...

5.9CVSS6.3AI score0.00246EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/12/20 7:49 p.m.5 views

WordPress MaxButtons plugin < 9.8.1 - Admin+ Stored XSS via Button Width vulnerability

Admin+ Stored XSS via Button Width vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin MaxButtons versions 9.8.1...

4.8CVSS6AI score0.00327EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/12/20 6:15 a.m.4 views

CVE-2024-8968

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...

4.7CVSS7.3AI score0.00417EPSS
Exploits1References1
NVD
NVD
added 2024/12/20 6:15 a.m.26 views

CVE-2024-8968

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...

4.7CVSS0.00417EPSS
Exploits1References1
OSV
OSV
added 2024/12/20 6:15 a.m.4 views

CVE-2024-10555

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...

4.8CVSS5.8AI score0.00327EPSS
Exploits1References1
NVD
NVD
added 2024/12/20 6:15 a.m.9 views

CVE-2024-10555

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...

4.8CVSS0.00327EPSS
Exploits1References1
CVE
CVE
added 2024/12/20 6:0 a.m.53 views

CVE-2024-8968

CVE-2024-8968 affects WordPress Button Plugin MaxButtons, where versions prior to 9.8.1 fail to properly sanitize and escape certain settings. This enables a high-privilege user (e.g., an admin) to perform a Stored Cross-Site Scripting (Stored XSS) attack, even when unfiltered_html is disallowed ...

4.7CVSS5.4AI score0.00417EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/12/20 6:0 a.m.23 views

CVE-2024-8968 MaxButtons < 9.8.1 - Admin+ Stored XSS via Text Color

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...

0.00417EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/12/20 6:0 a.m.12 views

CVE-2024-10555 MaxButtons < 9.8.1 - Admin+ Stored XSS via Button Width

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisit...

5.7AI score0.00327EPSS
Exploits1References1
CVE
CVE
added 2024/12/20 6:0 a.m.55 views

CVE-2024-10555

CVE-2024-10555 affects the MaxButtons WordPress Button Plugin (MaxButtons) for versions prior to 9.8.1. The issue arises because certain plugin settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as ...

4.8CVSS5.4AI score0.00327EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder