VYPR

Button

by WordPress

CVEs (2)

  • CVE-2024-1872HigMar 29, 2024
    risk 0.57cvss 8.8epss 0.01

    The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and…

  • CVE-2021-25058MedFeb 21, 2022
    risk 0.35cvss 5.4epss 0.01

    The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mention text field.