Buttons Shortcode And Widget

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:otwthemes:buttons_shortcode_and_widget:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorOtwthemes (6f083afe-ad9c-58fc-a5cc-ad8ad7d44025)
ProductButtons Shortcode And Widget (f5438bb5-eba2-537f-bb2b-c33fb2a41ba2)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/wp-plugins/buttons-shortcode-and-widget purl2cpe 2026-06-01 10:16:40.035077
pkg:github/wpplugins/buttons-shortcode-and-widget purl2cpe 2026-06-01 10:16:40.035079

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-24930 vulnerable 2026-06-08 06:29:42.077680 WordPress Buttons Shortcode and Widget Plugin <= 1.16 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS.This issue affects Buttons Shortcode and Widget: from n/a through 1.16.
Published: 2024-02-12T05:56:45.293Z
Updated: 2026-04-28T16:09:11.738Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-0711 vulnerable 2026-06-08 06:22:01.825429 Buttons Shortcode and Widget <= 1.16 - Stored XSS via shortcode
The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Published: 2024-03-18T19:05:51.650Z
Updated: 2024-10-27T22:11:35.861Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.