2 matches found
CVE-2025-6687
The CVE concerns the WordPress plugin Magic Buttons for Elementor . Affected: the plugin’s magic-button shortcode in all versions up to 1.0. Root cause: insufficient input sanitization and output escaping on user-supplied attributes, enabling a Stored Cross-Site Scripting (Stored XSS) vulnerabili...
CVE-2025-6686
The WordPress plugin Magic Buttons for Elementor is affected by a stored cross-site scripting (XSS) flaw in the magic-button shortcode due to insufficient input sanitization and output escaping of user-supplied attributes. Affected versions include all up to 1.0; PT-Security notes versions prior ...