Bread Butter
by WordPress
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4279 | Med | 0.42 | 6.4 | 0.00 | Apr 22, 2026 | The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to insufficient input sanitization and output escaping on the 'event' shortcode… | ||
| CVE-2024-51802 | Med | 0.42 | 6.5 | 0.00 | Nov 19, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bread & Butter Bread & Butter bread-butter allows DOM-Based XSS.This issue affects Bread & Butter: from n/a through <= 7.4.857. | ||
| CVE-2025-12189 | Med | 0.21 | 4.3 | 0.00 | Dec 5, 2025 | The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.11.1374. This is due to missing or incorrect nonce validation on the… |
- risk 0.42cvss 6.4epss 0.00
The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to insufficient input sanitization and output escaping on the 'event' shortcode…
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bread & Butter Bread & Butter bread-butter allows DOM-Based XSS.This issue affects Bread & Butter: from n/a through <= 7.4.857.
- risk 0.21cvss 4.3epss 0.00
The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.11.1374. This is due to missing or incorrect nonce validation on the…