cleantalk
Vulnerabilities and Security Researches

WordPress Button Plugin MaxButtons, CVE-2014-7181

CVE, Research URL

CVE-2014-7181

Home page URL

Security reports for WordPress Button Plugin MaxButtons

Application

WordPress Button Plugin MaxButtons

Published on
Oct 17, 2014
Research Description
Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page.
Affected versions
Min -, max 1.20.0.
Status
vulnerable
Previous vulnerability researches
WordPress Button Plugin MaxButtons (CVE-2025-39444) , Apr 19, 2025
WordPress Button Plugin MaxButtons (CVE-2024-8968) , Dec 25, 2024
WordPress Button Plugin MaxButtons (CVE-2024-10555) , Dec 22, 2024
WordPress Button Plugin MaxButtons (CVE-2024-6499) , Aug 25, 2024
WordPress Button Plugin MaxButtons (CVE-2017-2169) , Jun 06, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025