CVE-2024-0711

Name of the Vulnerable Software and Affected Versions The Buttons Shortcode and Widget WordPress plugin versions 1.16 and earlier

Description The issue concerns the lack of validation and escaping of some shortcode attributes in the plugin, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This could enable attackers to embed malicious scripts in posts.

Recommendations For versions 1.16 and earlier, update to a version that includes the necessary validation and escaping of shortcode attributes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting the use of the plugin's shortcodes to minimize the risk of exploitation.