CVE-2024-1872

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the buttonshortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...

WordPress plugin WordPress Button Plugin MaxButtons 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress...

WordPress Button Plugin <= 1.1.27 is vulnerable to PHP Object Injection

Software Button Type Plugin Vulnerable versions = 1.1.27 Fixed in 1.1.28 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1872 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID d7ad40b2deb7 Credits Francesco Carlucci Required privilege...

WordPress Plugin WordPress Button Plugin MaxButtons Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WordPress Button Plugin...

CVE-2023-36503

Auth. contributor+ Cross-Site Scripting XSS vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin = 9.5.3 versions...

WordPress Button Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS)

Software Button Type Plugin Vulnerable versions = 1.1.23 Fixed in 1.1.24 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23871 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 53d7594604e4 Credits yuyudhn Required privilege...