Cross-Site Scripting Vulnerability in Max Foundry MaxButtons Plugin for WordPress
CVE-2014-7181

Currently unrated

Key Information:

Vendor: Wordpress
Status: Maxbuttons
Vendor: CVE Published:; 16 October 2014

What is CVE-2014-7181?

A cross-site scripting vulnerability exists in the Max Foundry MaxButtons plugin before version 1.26.1 for WordPress. This flaw allows remote attackers to inject arbitrary web scripts or HTML via the 'id' parameter in the button action of the maxbuttons-controller page, specifically through wp-admin/admin.php. The weakness is particularly related to the button creation interface, posing a risk of compromising the security of affected WordPress installations.

References

http://packetstormsecurity.com/files/128693/WordPress-Max...

x_refsource_MISC

http://www.securityfocus.com/archive/1/533700/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://wordpress.org/plugins/maxbuttons/changelog

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2014
Vulnerability Reserved
Sep 25, 2014

Wordpress

What is CVE-2014-7181?

References

Timeline