Maxfoundry

Maxbuttons

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2025-39444

  • EPSS 0.17%
  • Veröffentlicht 17.04.2025 15:16:48
  • Zuletzt bearbeitet 14.05.2025 13:15:48

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maxfoundry MaxButtons allows Stored XSS.This issue affects MaxButtons: from n/a through 9.8.3.

4.7

CVE-2024-8968

Exploit
  • EPSS 0.4%
  • Veröffentlicht 20.12.2024 06:15:23
  • Zuletzt bearbeitet 14.05.2025 16:19:25

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ...

4.8

CVE-2024-10555

Exploit
  • EPSS 0.12%
  • Veröffentlicht 20.12.2024 06:15:22
  • Zuletzt bearbeitet 14.05.2025 16:41:55

The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ...

5.3

CVE-2024-6499

  • EPSS 0.46%
  • Veröffentlicht 24.08.2024 04:15:07
  • Zuletzt bearbeitet 26.09.2024 22:07:50

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may b...

5.4

CVE-2024-3026

Exploit
  • EPSS 0.32%
  • Veröffentlicht 13.07.2024 06:15:02
  • Zuletzt bearbeitet 15.05.2025 18:46:44

The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks

5.4

CVE-2023-7029

  • EPSS 0.21%
  • Veröffentlicht 05.02.2024 22:15:59
  • Zuletzt bearbeitet 21.11.2024 08:45:04

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user suppl...

4.8

CVE-2023-6594

  • EPSS 0.1%
  • Veröffentlicht 09.01.2024 03:15:08
  • Zuletzt bearbeitet 21.11.2024 08:44:10

The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible...

5.4

CVE-2023-36503

  • EPSS 0.08%
  • Veröffentlicht 25.07.2023 14:15:10
  • Zuletzt bearbeitet 21.11.2024 08:09:50

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.5.3 versions.

6.1

CVE-2014-125092

  • EPSS 0.34%
  • Veröffentlicht 05.03.2023 21:15:09
  • Zuletzt bearbeitet 21.11.2024 02:03:47

A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads t...

4.8

CVE-2022-38703

  • EPSS 0.34%
  • Veröffentlicht 23.09.2022 14:15:12
  • Zuletzt bearbeitet 21.11.2024 07:16:57

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress