11 matches found
CVE-2023-7029
CVE-2023-7029 affects the WordPress MaxButtons plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in shortcode attributes due to insufficient input sanitization and output escaping, exploitable by authenticated users with contributor-level access and above. All versions up to 9.7.6 ...
CVE-2022-36346
CVE-2022-36346 affects the WordPress MaxButtons plugin by Max Foundry, specifically versions
CVE-2023-36503
CVE-2023-36503 affects the WordPress plugin MaxButtons (MaxFoundry) for versions
CVE-2023-6594
CVE-2023-6594 affects the WordPress MaxButtons plugin: Stored XSS via admin settings in all versions up to 9.7.4. Exploitation requires administrator-level privileges (or higher) and a context where unfiltered_html is disabled; multi-site installations are affected. Root cause: insufficient input sanitizati...
CVE-2014-125092
CVE-2014-125092 affects the WordPress MaxButtons Plugin up to version 1.26.0. The vulnerability targets the function maxbuttons_strip_px in includes/maxbuttons-button.php, where manipulation of the button_id parameter leads to a cross-site scripting (XSS) flaw. The issue may be triggered remotely...
CVE-2022-38703
The CVE-2022-38703 entry concerns the WordPress MaxButtons plugin (MaxButtons) versions
CVE-2024-6499
CVE-2024-6499 affects the WordPress Button Plugin MaxButtons. Versions up to and including 9.7.8 expose full filesystem paths, enabling unauthenticated attackers to obtain instance paths. The risk is information exposure w...
CVE-2024-3026
CVE-2024-3026 affects WordPress Button Plugin MaxButtons (versions
CVE-2014-7181
CVE-2014-7181 concerns the WordPress plugin MaxButtons (MaxButtons WordPress plugin,
CVE-2024-10555
CVE-2024-10555 affects the MaxButtons WordPress Button Plugin (MaxButtons) for versions prior to 9.8.1. The issue arises because certain plugin settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as ...
CVE-2024-8968
CVE-2024-8968 affects WordPress Button Plugin MaxButtons, where versions prior to 9.8.1 fail to properly sanitize and escape certain settings. This enables a high-privilege user (e.g., an admin) to perform a Stored Cross-Site Scripting (Stored XSS) attack, even when unfiltered_html is disallowed ...