CVE-2021-25058
The Buffer Button <= 1.0 - Authenticated Stored Cross Site Scripting (XSS)
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
21 Feb 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross Site Scripting (XSS) within the Twitter username to mention text field.
Affected products
Unknown · The Buffer Button