Lucene search
K

6 matches found

CVE
CVE
added 2024/02/05 9:22 p.m.97 views

CVE-2023-7029

CVE-2023-7029 affects the WordPress MaxButtons plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) in shortcode attributes due to insufficient input sanitization and output escaping, exploitable by authenticated users with contributor-level access and above. All versions up to 9.7.6 ...

6.4CVSS5.6AI score0.00399EPSS
CVE
CVE
added 2023/03/05 8:31 p.m.78 views

CVE-2014-125092

CVE-2014-125092 affects the WordPress MaxButtons Plugin up to version 1.26.0. The vulnerability targets the function maxbuttons_strip_px in includes/maxbuttons-button.php, where manipulation of the button_id parameter leads to a cross-site scripting (XSS) flaw. The issue may be triggered remotely...

6.1CVSS4.8AI score0.00531EPSS
CVE
CVE
added 2024/08/24 3:29 a.m.59 views

CVE-2024-6499

CVE-2024-6499 refers to the WordPress Button Plugin MaxButtons vulnerability. The MaxButtons plugin (WordPress Button Plugin MaxButtons) versions up to and including 9.7.8 expose full filesystem paths, enabling unauthenticated attackers to obtain instance paths. The risk is information exposure w...

5.3CVSS5.3AI score0.00439EPSS
CVE
CVE
added 2024/07/13 6:0 a.m.56 views

CVE-2024-3026

CVE-2024-3026 affects WordPress Button Plugin MaxButtons (versions

5.4CVSS5.5AI score0.00492EPSS
CVE
CVE
added 2024/12/20 6:0 a.m.55 views

CVE-2024-10555

CVE-2024-10555 affects the MaxButtons WordPress Button Plugin (MaxButtons) for versions prior to 9.8.1. The issue arises because certain plugin settings are not properly sanitised/escaped, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as ...

4.8CVSS5.4AI score0.00321EPSS
CVE
CVE
added 2024/12/20 6:0 a.m.52 views

CVE-2024-8968

CVE-2024-8968 affects WordPress Button Plugin MaxButtons, where versions prior to 9.8.1 fail to properly sanitize and escape certain settings. This enables a high-privilege user (e.g., an admin) to perform a Stored Cross-Site Scripting (Stored XSS) attack, even when unfiltered_html is disallowed ...

4.7CVSS5.4AI score0.00409EPSS