WordPress Plugin Vulnerabilities

MaxButtons 1.19.0 - includes/maxbuttons-button-css.php Authentication Bypass

Description

The WordPress Button Plugin MaxButtons WordPress plugin was affected by an includes/maxbuttons-button-css.php Authentication Bypass security vulnerability.

Affects Plugins

Plugin icon
maxbuttons
Fixed in 1.20.0

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287

Miscellaneous

Verified
No
WPVDB ID
9b6d9ce1-04d5-4d4b-8cb8-1adb4e51ed8e

Timeline

Publicly Published
2014-08-01 (about 9 years ago)
Added
2014-08-01 (about 9 years ago)
Last Updated
2015-05-15 (about 8 years ago)

Other

Published
Title
Published
2014-08-01
Title
WordPress 3.7.1 & 3.8 - Cleartext Admin Credentials Disclosure
Published
2022-04-21
Title
WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR
Published
2021-07-20
Title
NEX Forms < 7.8.8 - Authentication Bypass for PDF Reports
Published
2017-12-03
Title
Apocalypse Meow 21.1.3-21.2.7 - BCrypt Authentication Bypass
Published
2014-09-17
Title
Custom Contact Forms < 5.1.0.4 - Unauthenticated Database Import/Export