cleantalk
Vulnerabilities and Security Researches

Button contact VR, CVE-2024-2220

CVE, Research URL

CVE-2024-2220

Home page URL

Security reports for Button contact VR

Application

Button contact VR

Published on
May 23, 2024
Research Description
The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions
Min -, max 4.7.2.
Status
vulnerable
Previous vulnerability researches
Button contact VR (CVE-2024-2220) , Jun 07, 2024
Button contact VR (CVE-2024-43347) , Aug 20, 2024
Button contact VR (CVE-2024-50414) , Oct 28, 2024
New vulnerability
Football Pool (CVE-2025-5490) , Jun 20, 2025
CubeWP Forms – LeadGen & Contact Form (CVE-2025-49880) , Jun 20, 2025
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden (CVE-2025-49316) , Jun 20, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-1562) , Jun 20, 2025
eCommerce Product Catalog Plugin for WordPress (CVE-2025-49331) , Jun 20, 2025