cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8968,https://securityvulnerability.io/vulnerability/CVE-2024-8968,Stored Cross-Site Scripting Vulnerability in MaxButtons Plugin for WordPress,"The MaxButtons plugin for WordPress, prior to version 9.8.1, has a significant security weakness that stems from improper sanitization and escaping of its settings. This flaw allows users with high privileges, such as administrators, to execute stored cross-site scripting (XSS) attacks, even in environments where the ability to input unfiltered HTML is restricted (common in multisite configurations). The vulnerability poses a critical risk to websites using the affected plugin, as it can be exploited to inject malicious scripts into web pages viewed by other users, compromising their data and session security.",Wordpress,WordPress Button Plugin Maxbuttons,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-12-20T06:00:04.888Z,0
CVE-2024-10555,https://securityvulnerability.io/vulnerability/CVE-2024-10555,Vulnerability in MaxButtons Plugin for WordPress Exposes Sites to Stored XSS Attacks,"CVE-2024-10555 is a critical vulnerability affecting the MaxButtons plugin for WordPress, specifically versions prior to 9.8.1. This flaw arises from improper sanitization and escaping of certain settings within the plugin. As a consequence, high-privilege users, including administrators, can exploit this vulnerability to carry out Stored Cross-Site Scripting (XSS) attacks, posing a considerable risk to website security. Even in configurations where unfiltered HTML capabilities are disabled—such as in multisite environments—attackers can still use this vulnerability to inject malicious scripts. Website administrators are strongly urged to upgrade to the latest version of the MaxButtons plugin to mitigate potential security risks.",Wordpress,WordPress Button Plugin Maxbuttons,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-12-20T06:00:02.298Z,0
CVE-2024-6499,https://securityvulnerability.io/vulnerability/CVE-2024-6499,Information Exposure Vulnerability in MaxButtons Plugin Affects All Versions Up to 9.7.8,"The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use.",Wordpress,WordPress Button Plugin Maxbuttons,5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-08-24T03:29:23.649Z,0
CVE-2024-3026,https://securityvulnerability.io/vulnerability/CVE-2024-3026,Cross-Site Scripting vulnerability in MaxButtons WordPress plugin,"The MaxButtons WordPress plugin, prior to version 9.7.8, contains a security flaw where it fails to properly sanitize and escape various user-input parameters. This oversight can be exploited by users with minimal permissions, such as editors, potentially leading to Cross-Site Scripting (XSS) attacks. Successful exploitation enables attackers to inject malicious scripts into web pages viewed by unsuspecting users, thereby compromising the integrity and security of the affected WordPress sites.",Wordpress,WordPress Button Plugin Maxbuttons,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:03.859Z,0
CVE-2023-7029,https://securityvulnerability.io/vulnerability/CVE-2023-7029,Stored Cross-Site Scripting Vulnerability in MaxButtons Plugin for WordPress,"The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability was partially fixed in version 9.7.6.",Wordpress,WordPress Button Plugin Maxbuttons,6.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-02-05T21:22:00.359Z,0
CVE-2023-6594,https://securityvulnerability.io/vulnerability/CVE-2023-6594,Stored Cross-Site Scripting Vulnerability in MaxButtons Plugin for WordPress,"The MaxButtons plugin for WordPress allows an authenticated user with administrator-level permissions to inject malicious web scripts through its admin settings. This vulnerability arises from insufficient input sanitization and output escaping, impacting all versions up to and including 9.7.4. It primarily affects multi-site installations and those where unfiltered_html has been disabled. Consequently, users with lower privileges, such as contributors, could gain button creation rights, further facilitating potential XSS attacks against unsuspecting users. Proper security measures and updates are essential to mitigate these risks.",Wordpress,WordPress Button Plugin MaxButtons,4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-01-09T03:15:00.000Z,0
CVE-2023-36503,https://securityvulnerability.io/vulnerability/CVE-2023-36503,WordPress MaxButtons Plugin <= 9.5.3 is vulnerable to Cross Site Scripting (XSS),Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.5.3 versions.,Wordpress,WordPress Button Plugin MaxButtons,5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-07-25T14:15:00.000Z,0
CVE-2022-38703,https://securityvulnerability.io/vulnerability/CVE-2022-38703,WordPress Button Plugin MaxButtons plugin <= 9.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability,Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress,Wordpress,WordPress Button Plugin Maxbuttons (WordPress Plugin),3.4,LOW,0.0005099999834783375,false,,false,false,false,,false,false,2022-09-23T14:15:00.000Z,0