Vulnerabilities > Maxfoundry
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-05 | CVE-2023-7029 | Cross-site Scripting vulnerability in Maxfoundry Maxbuttons The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including 9.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-01-09 | CVE-2023-6594 | Cross-site Scripting vulnerability in Maxfoundry Maxbuttons The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. | 4.8 |
2023-07-25 | CVE-2023-36503 | Cross-site Scripting vulnerability in Maxfoundry Maxbuttons Auth. | 5.4 |
2023-03-05 | CVE-2014-125092 | Cross-site Scripting vulnerability in Maxfoundry Maxbuttons A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. | 6.1 |
2022-11-18 | CVE-2022-41634 | Cross-Site Request Forgery (CSRF) vulnerability in Maxfoundry Media Library Folders Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. | 8.8 |
2022-07-11 | CVE-2022-2050 | Cross-site Scripting vulnerability in Maxfoundry Wp-Paginate The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed | 3.5 |
2022-03-18 | CVE-2022-25603 | Cross-site Scripting vulnerability in Maxfoundry Maxgalleria 6.2.5 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). | 3.5 |
2022-02-28 | CVE-2021-4222 | Cross-site Scripting vulnerability in Maxfoundry Wp-Paginate The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | 3.5 |
2014-10-16 | CVE-2014-7181 | Cross-Site Scripting vulnerability in Maxfoundry Maxbuttons 1.26.0 Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page. | 4.3 |