Known Vulnerabilities for products from Maxfoundry
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Maxfoundry".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-39444 json | Not Provided | 2025-04-17 | 2026-04-23 | |
| CVE-2025-28933 json | Not Provided | 2025-03-11 | 2026-04-23 | |
| CVE-2024-31287 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Fol... | Not Provided | 2024-04-10 | 2026-04-28 |
| CVE-2024-30486 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Max Foundry Media Libra... | Not Provided | 2024-03-29 | 2026-04-28 |
| CVE-2024-7857 json | The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of t... | Not Provided | 2024-08-29 | 2026-04-08 |
| CVE-2024-3615 json | The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all v... | Not Provided | 2024-04-19 | 2026-04-08 |
| CVE-2023-36503 json | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.... | 5.4 - MEDIUM | 2023-07-25 | 2023-08-01 |
| CVE-2023-7029 json | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sho... | Not Provided | 2024-02-05 | 2026-04-08 |
| CVE-2023-6594 json | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings i... | Not Provided | 2024-01-09 | 2026-04-08 |
| CVE-2022-41634 json | Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folders plugin <= 7.1.1 on WordPress. | 8.8 - HIGH | 2022-11-18 | 2022-11-23 |
| CVE-2022-38703 json | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button Plugin MaxButtons plugin <= 9.2 ... | 4.8 - MEDIUM | 2022-09-23 | 2022-09-23 |
| CVE-2022-36346 json | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress. | 8.8 - HIGH | 2022-08-22 | 2022-08-23 |
| CVE-2022-25603 json | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPres... | 4.8 - MEDIUM | 2022-03-18 | 2022-03-24 |
| CVE-2022-2050 json | The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to ... | 4.8 - MEDIUM | 2022-07-11 | 2022-07-15 |
| CVE-2021-4222 json | The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users... | 4.8 - MEDIUM | 2022-02-28 | 2022-03-08 |
| CVE-2014-125092 json | A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. This issue affects th... | 6.1 - MEDIUM | 2023-03-05 | 2023-11-18 |
| CVE-2014-7181 json | Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attac... | Not Provided | 2014-10-16 | 2026-05-06 |
Known software with vulnerabilities from Maxfoundry
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Maxfoundry | Maxbuttons | 6.12 |