OTWthemes Buttons Shortcode and Widget for WordPress
Approved changes feed: RSS · Atom
cpe:2.3:a:otwthemes:buttons_shortcode_and_widget:-:*:*:*:*:wordpress:*:*
part: a version: - update: *
| Vendor | Otwthemes (6f083afe-ad9c-58fc-a5cc-ad8ad7d44025) |
|---|---|
| Product | Buttons Shortcode And Widget (f5438bb5-eba2-537f-bb2b-c33fb2a41ba2) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wp-plugins/buttons-shortcode-and-widget |
purl2cpe | 2026-06-01 10:16:40.035081 |
pkg:github/wpplugins/buttons-shortcode-and-widget |
purl2cpe | 2026-06-01 10:16:40.035082 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-0711 |
vulnerable | 2026-06-08 06:22:01.824211 |
Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Published: 2024-03-18T19:05:51.650Z
Updated: 2024-10-27T22:11:35.861Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.