6 matches found
CVE-2023-7029
CVE-2023-7029 affects the WordPress MaxButtons plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in shortcode attributes due to insufficient input sanitization and output escaping, exploitable by authenticated users with contributor-level access and above. All versions up to 9.7.6 ...
CVE-2014-125092
CVE-2014-125092 affects the WordPress MaxButtons Plugin up to version 1.26.0. The vulnerability targets the function maxbuttons_strip_px in includes/maxbuttons-button.php, where manipulation of the button_id parameter leads to a cross-site scripting (XSS) flaw. The issue may be triggered remotely...
CVE-2024-6499
CVE-2024-6499 refers to the WordPress Button Plugin MaxButtons vulnerability. The MaxButtons plugin (WordPress Button Plugin MaxButtons) versions up to and including 9.7.8 expose full filesystem paths, enabling unauthenticated attackers to obtain instance paths. The risk is information exposure w...
CVE-2024-3026
CVE-2024-3026 affects WordPress Button Plugin MaxButtons (versions
CVE-2024-10555
CVE-2024-10555 affects the MaxButtons WordPress Button Plugin (MaxButtons) for versions prior to 9.8.1. The issue arises because certain plugin settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as ...
CVE-2024-8968
CVE-2024-8968 affects WordPress Button Plugin MaxButtons, where versions prior to 9.8.1 fail to properly sanitize and escape certain settings. This enables a high-privilege user (e.g., an admin) to perform a Stored Cross-Site Scripting (Stored XSS) attack, even when unfiltered_html is disallowed ...