- Description: The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Source: contact@wpscan.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 4.7
- Impact score: 1.4
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
- Severity: MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-79
CVE-2024-8968 Stored XSS Vulnerability in MaxButtons WordPress Plugin Before 9.8.1 The MaxButtons WordPress plugin, before version 9.8.1, has a problem. It doesn't properly clean and escape some settings. This is... https://t.co/JKf9J6ptCl
@VulmonFeeds
20 Dec 2024
CVE-2024-8968 The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as a… https://t.co/4Xhx4tGHOg
@CVEnew
20 Dec 2024