Cross-Site Scripting Vulnerability in Max Foundry MaxButtons Plugin for WordPress
CVE-2014-7181

Currently unrated

Key Information:

Vendor

Wordpress
Status
Maxbuttons
Vendor
CVE Published:
16 October 2014

What is CVE-2014-7181?

A cross-site scripting vulnerability exists in the Max Foundry MaxButtons plugin before version 1.26.1 for WordPress. This flaw allows remote attackers to inject arbitrary web scripts or HTML via the 'id' parameter in the button action of the maxbuttons-controller page, specifically through wp-admin/admin.php. The weakness is particularly related to the button creation interface, posing a risk of compromising the security of affected WordPress installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://packetstormsecurity.com/files/128693/WordPress-Max...
x_refsource_MISC
http://www.securityfocus.com/archive/1/533700/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://wordpress.org/plugins/maxbuttons/changelog
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.