Lucene search
High-Tech BridgePATCHSTACK:219A7316EAF8620CA34094C8550A615DHistorySep 25, 2014 - 12:00 a.m.
WordPress MaxButtons Plugin <= 1.26.0 - XSS
2014-09-2500:00:00
High-Tech Bridge
patchstack.com
8
0.002 Low
EPSS
Percentile
64.9%
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the “id” parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page.
Solution
Update the plugin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| maxbuttons | le | 1.26.0 |
Related
cve
cve
CVE-2014-7181
2014-10-16 19:55:14
nvd
nvd
CVE-2014-7181
2014-10-16 19:55:14
securityvulns
securityvulns
htbridge
htbridge
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin
2014-09-24 00:00:00
cvelist
cvelist
CVE-2014-7181
2014-10-16 19:00:00
prion
prion
Cross site scripting
2014-10-16 19:55:00
wpvulndb
wpvulndb
MaxButtons 1.26.0 - Cross Site Scripting (XSS)
2014-10-15 19:34:21
packetstorm
packetstorm
WordPress MaxButtons 1.26.0 Cross Site Scripting
2014-10-15 00:00:00
zdt
zdt
WordPress MaxButtons 1.26.0 Cross Site Scripting Vulnerability
2014-10-16 00:00:00