CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-125097 – BestWebSoft Facebook Like Button facebook-button-plugin.php fcbkbttn_settings_page cross site scripting
https://notcve.org/view.php?id=CVE-2014-125097
10 Apr 2023 — A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. • https://github.com/wp-plugins/facebook-button-plugin/commit/b766da8fa100779409a953f0e46c2a2448cbe99c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-10012 – BestWebSoft Facebook Like Button facebook-button-plugin.php fcbk_bttn_plgn_settings_page cross-site request forgery
https://notcve.org/view.php?id=CVE-2012-10012
09 Apr 2023 — A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The patch is named 33144ae5a45ed07efe7fceca901d91365fdbf7cb. • https://github.com/wp-plugins/facebook-button-plugin/commit/33144ae5a45ed07efe7fceca901d91365fdbf7cb • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2017-2171
https://notcve.org/view.php?id=CVE-2017-2171
22 May 2017 — Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Post... • http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-91: XML Injection (aka Blind XPath Injection) •