WordPress Plugin Vulnerabilities

The Buffer Button <= 1.0 - Authenticated Stored Cross Site Scripting (XSS)

Description

The plugin was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mention text field.

Proof of Concept

Affects Plugins

Plugin icon
the-buffer-button
No known fix

References

CVE
CVE-2021-25058

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Rutuja D Shirke
Submitter
Rutuja D Shirke
Submitter website
https://www.linkedin.com/in/rutujashirke2812/
Verified
Yes
WPVDB ID
fd5271ef-1da5-4d09-888e-f1fd71820cde

Timeline

Publicly Published
2022-01-18 (about 3 years ago)
Added
2022-01-18 (about 3 years ago)
Last Updated
2022-04-10 (about 3 years ago)

Other

Published
Title
Published
2014-08-01
Title
Zingiri Form Builder - "error" Cross-Site Scripting
Published
2024-01-11
Title
Hubbub Lite < 1.32.0 - Admin+ Stored XSS
Published
2017-02-19
Title
Time Sheets < 1.5.2 - Multiple XSS
Published
2025-07-04
Title
Video Gallery Block < 1.1.1 - Contributor+ Stored XSS
Published
2023-02-02
Title
Pinpoint Booking System < 2.9.9.2.9 - Admin+ Stored XSS