CVE-2014-125092

Name of the Vulnerable Software and Affected Versions MaxButtons Plugin versions up to 1.26.0

Description A vulnerability was found in the MaxButtons Plugin and classified as problematic. This issue affects the function maxbuttons strip px of the file includes/maxbuttons-button.php. The manipulation of the argument button id leads to cross-site scripting. The attack may be initiated remotely.

Recommendations For MaxButtons Plugin versions up to 1.26.0, upgrade to version 1.26.1 to address this issue. As a temporary workaround, consider disabling the maxbuttons strip px function until the patch is applied. Restrict access to the includes/maxbuttons-button.php file to minimize the risk of exploitation. Avoid using the button id argument in the affected function until the issue is resolved.