Lucene search
K
MaxfoundryMaxbuttons

11 matches found

CVE
CVE
added 2024/02/05 9:22 p.m.96 views

CVE-2023-7029

CVE-2023-7029 affects the WordPress MaxButtons plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in shortcode attributes due to insufficient input sanitization and output escaping, exploitable by authenticated users with contributor-level access and above. All versions up to 9.7.6 ...

6.4CVSS5.6AI score0.00399EPSS
CVE
CVE
added 2022/08/22 2:50 p.m.94 views

CVE-2022-36346

CVE-2022-36346 affects the WordPress MaxButtons plugin by Max Foundry, specifically versions

8.8CVSS6.9AI score0.00334EPSS
CVE
CVE
added 2023/07/25 1:50 p.m.82 views

CVE-2023-36503

CVE-2023-36503 affects the WordPress plugin MaxButtons (MaxFoundry) for versions

6.5CVSS5.7AI score0.0038EPSS
CVE
CVE
added 2024/01/09 2:34 a.m.78 views

CVE-2023-6594

CVE-2023-6594 affects WordPress MaxButtons: Stored XSS via admin settings in all versions up to 9.7.4. Exploitation requires administrator-level privileges (or higher) and contexts where unfiltered_html is disabled, with multi-site installations affected. Root cause: insufficient input sanitizati...

4.8CVSS4.9AI score0.00319EPSS
CVE
CVE
added 2023/03/05 8:31 p.m.76 views

CVE-2014-125092

CVE-2014-125092 affects the WordPress MaxButtons Plugin up to version 1.26.0. The vulnerability targets the function maxbuttons_strip_px in includes/maxbuttons-button.php, where manipulation of the button_id parameter leads to a cross-site scripting (XSS) flaw. The issue may be triggered remotely...

6.1CVSS4.8AI score0.00531EPSS
Web
CVE
CVE
added 2022/09/23 1:52 p.m.65 views

CVE-2022-38703

The CVE-2022-38703 entry concerns the WordPress MaxButtons plugin (MaxButtons) versions

4.8CVSS4.2AI score0.00413EPSS
CVE
CVE
added 2024/08/24 3:29 a.m.55 views

CVE-2024-6499

CVE-2024-6499 refers to the WordPress Button Plugin MaxButtons vulnerability. The MaxButtons plugin (WordPress Button Plugin MaxButtons) versions up to and including 9.7.8 expose full filesystem paths, enabling unauthenticated attackers to obtain instance paths. The risk is information exposure w...

5.3CVSS5.3AI score0.00439EPSS
CVE
CVE
added 2024/07/13 6:0 a.m.54 views

CVE-2024-3026

CVE-2024-3026 affects WordPress Button Plugin MaxButtons (versions

5.4CVSS5.5AI score0.00492EPSS
CVE
CVE
added 2014/10/16 7:0 p.m.53 views

CVE-2014-7181

CVE-2014-7181 concerns the WordPress plugin MaxButtons (MaxButtons WordPress plugin,

4.3CVSS5.8AI score0.02053EPSS
Web
CVE
CVE
added 2024/12/20 6:0 a.m.52 views

CVE-2024-10555

CVE-2024-10555 affects the MaxButtons WordPress Button Plugin (MaxButtons) for versions prior to 9.8.1. The issue arises because certain plugin settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as ...

4.8CVSS5.4AI score0.00321EPSS
CVE
CVE
added 2024/12/20 6:0 a.m.51 views

CVE-2024-8968

CVE-2024-8968 affects WordPress Button Plugin MaxButtons, where versions prior to 9.8.1 fail to properly sanitize and escape certain settings. This enables a high-privilege user (e.g., an admin) to perform a Stored Cross-Site Scripting (Stored XSS) attack, even when unfiltered_html is disallowed ...

4.7CVSS5.4AI score0.00409EPSS