Name of the Vulnerable Software and Affected Versions:

MaxButtons Plugin versions up to 1.26.0

Description:

A vulnerability was found in the MaxButtons Plugin and classified as problematic. This issue affects the function `maxbuttons strip px` of the file `includes/maxbuttons-button.php`. The manipulation of the argument `button id` leads to cross-site scripting. The attack may be initiated remotely.

Recommendations:

For MaxButtons Plugin versions up to 1.26.0, upgrade to version 1.26.1 to address this issue. As a temporary workaround, consider disabling the `maxbuttons strip px` function until the patch is applied. Restrict access to the `includes/maxbuttons-button.php` file to minimize the risk of exploitation. Avoid using the `button id` argument in the affected function until the issue is resolved.