Maxfoundry Maxbuttons
12 CVEs affecting Maxfoundry Maxbuttons. Latest disclosed: 2025-04-17. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-36503 | Medium | 6.5 | 2023-07-25 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.5.3 versions. |
CVE-2023-7029 | Medium | 6.4 | 2024-02-05 | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, a… |
CVE-2025-39444 | Medium | 5.9 | 2025-04-17 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in maxfoundry MaxButtons maxbuttons allows Stored XSS.This i… |
CVE-2024-3026 | Medium | 5.4 | 2024-07-13 | The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low a… |
CVE-2024-6499 | Medium | 5.3 | 2024-08-24 | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it po… |
CVE-2024-10555 | Medium | 4.8 | 2024-12-20 | The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users… |
CVE-2024-8968 | Medium | 4.7 | 2024-12-20 | The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users… |
CVE-2023-6594 | Medium | 4.4 | 2024-01-09 | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and includin… |
CVE-2022-36346 | Medium | 4.3 | 2022-08-22 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress. |
CVE-2014-125092 | Low | 3.5 | 2023-03-05 | A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. This issue affects the function maxbuttons_strip_px of… |
CVE-2022-38703 | Low | 3.4 | 2022-09-23 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 at WordPress |
CVE-2014-7181 | | 2014-10-16 | Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web scrip… |