- Description: The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Source: contact@wpscan.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 4.8
- Impact score: 2.7
- Exploitability score: 1.7
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-79
- Hype score: Not currently trending
CVE-2024-10555 Stored Cross-Site Scripting in MaxButtons WordPress Plugin Prior to 9.8.1 The MaxButtons WordPress plugin, before version 9.8.1, has a problem. It does not clean and secure some of its settings pro... https://t.co/wX2cCHWscX
@VulmonFeeds
20 Dec 2024
CVE-2024-10555 The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as… https://t.co/AYXJXtq1u3
@CVEnew
20 Dec 2024