Reflected Cross-Site Scripting Vulnerability in MaxButtons Plugin for WordPress
CVE-2026-13245
6.1MEDIUM
What is CVE-2026-13245?
The MaxButtons plugin for WordPress is susceptible to a reflected Cross-Site Scripting (XSS) vulnerability due to inadequate input sanitization and output escaping in the 'view' parameter. This flaw impacts all plugin versions up to and including 9.8.5. Attackers can exploit this vulnerability to inject arbitrary web scripts into pages, executing malicious scripts when users interact, such as clicking on compromised links. Itโs essential to apply security measures to mitigate potential exploits that could negatively affect your WordPress site.
Affected Version(s)
MaxButtons โ Create buttons 0 <= 9.8.5