CVE-2025-48252

Medium CVSS: 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget back-button-widget allows Stored XSS.This issue affects Back Button Widget: from n/a through <= 1.6.8.

Vendor

Wpfactory

Product

Back Button Widget

CWE

CWE-79

Yayın Tarihi

2025-05-19 15:15:28

Güncelleme

2026-04-01 17:24:33

Source Identifier

audit@patchstack.com

KEV Date Added

Kategoriler

CWE-79 Back Button Widget MEDIUM Wpfactory 2025

Referanslar

https://patchstack.com/database/Wordpress/Plugin/back-button-widget/vulnerability/wordpress-back-button-widget-1-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve

Benzer Kayıtlar

Medium

CVE-2025-48253

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Free Shi…

Medium

CVE-2025-48254

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Change A…

Medium

CVE-2024-13774

The Wishlist for WooCommerce: Multi Wishlists Per Customer plugin for WordPress is vulnerable to Cross-Site Request Forg…

Medium

CVE-2024-13525

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in…

High

CVE-2024-13528

The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versi…