VYPR

Buttons Shortcode and Widget

by WordPress

CVEs (2)

  • CVE-2024-24930MedFeb 12, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16.

  • CVE-2024-0711MedMar 18, 2024
    risk 0.40cvss 6.1epss 0.00

    The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored…