[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7qHNjuew61YA6Yaaf1cGmk4sDCQXpMtAHqt0IraYo84":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2021-24992","buttonizer-smart-floating-action-button-admin-stored-cross-site-scripting","Buttonizer - Smart Floating Action Button \u003C= 2.5.4 - Admin+ Stored Cross-Site Scripting","The Smart Floating \u002F Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.","buttonizer-multifunctional-button",null,"\u003C=2.5.4","2.5.5","medium",4.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2021-11-29 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F15aba6ee-8345-401d-adf9-3fde0f5169bc?source=api-prod",785]