CVE-2024-3026

Severity: 5.4 MEDIUM
EPSS: 0.3% (top 45.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 13

Description

The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 | Impact: 2.7

Affected Packages: 2 packages

Vulnerability Details (2)

CVEList: WordPress Button Plugin MaxButtons < 9.7.8 - Editor+ Stored XSS (2024-07-13)
GHSA: GHSA-8h2w-mrjw-fq93: The WordPress Button Plugin MaxButtons WordPress plugin before 9 (2024-07-13)