VYPR

Pootle Button

by Pootlepress

Source repositories

CVEs (2)

  • CVE-2025-23758HigJan 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pootlepress Pootle button pootle-button allows Reflected XSS.This issue affects Pootle button: from n/a through <= 1.2.0.

  • CVE-2017-15811MedOct 23, 2017
    risk 0.28cvss 5.4epss 0.01

    The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php.