WordPress, being one of the most popular content management systems globally, attracts a vast user base, including developers and businesses. Its extensive plugin ecosystem enhances its functionality, allowing users to customize their websites easily. However, with popularity comes the risk of vulnerabilities. One such critical issue has been discovered in the WordPress Button Plugin MaxButtons, potentially affecting over 100,000 installations worldwide. The vulnerability, identified as CVE-2024-3026, lets attackers use Stored Cross-Site Scripting (XSS) to create backdoors and gain unauthorized access.
CVE-2024-3026 – WordPress Button Plugin MaxButtons – Stored XSS to backdoor creation – POC
![CVE-2024-3026 – WordPress Button Plugin MaxButtons – Stored XSS to backdoor creation – POC](https://research.cleantalk.org/wp-content/uploads/2023/10/New_1_not_safe-1.png)