VYPR

Bread Butter

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-4279MedApr 22, 2026
    risk 0.42cvss 6.4epss 0.00

    The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadbutter-customevent-button' shortcode in all versions up to, and including, 8.2.0.25. This is due to insufficient input sanitization and output escaping on the 'event' shortcode…

  • CVE-2024-51802MedNov 19, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bread & Butter Bread & Butter bread-butter allows DOM-Based XSS.This issue affects Bread & Butter: from n/a through <= 7.4.857.

  • CVE-2025-12189MedDec 5, 2025
    risk 0.21cvss 4.3epss 0.00

    The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.11.1374. This is due to missing or incorrect nonce validation on the…