Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

maxfoundry — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting maxfoundry. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by maxfoundry:Media Library FoldersMaxButtons – Create buttonsMaxGalleriaSocial Share ButtonsMaxA/BMaxButtons
CVE IDTitleCVSSSeverityPublished
CVE-2026-2312 Media Library Folders <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename — Media Library FoldersCWE-862 4.3 Medium2026-02-14
CVE-2025-39444 WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability — MaxButtonsCWE-79 5.9 Medium2025-04-17
CVE-2025-28933 WordPress MaxA/B plugin <= 2.2.2 - CSRF to Stored XSS vulnerability — MaxA/BCWE-352 7.1 High2025-03-11
CVE-2025-0935 Media Library Folders <= 8.3.0 - Missing Authorization to Plugin Settings Change — Media Library FoldersCWE-862 4.3 Medium2025-02-15
CVE-2024-9219 WordPress Social Share Buttons <= 1.19 - Reflected Cross-Site Scripting — Social Share ButtonsCWE-79 6.1 Medium2024-10-19
CVE-2024-7858 Media Library Folders <= 8.2.3 - Missing Authorization on Various Functions — Media Library FoldersCWE-862 6.3 Medium2024-08-30
CVE-2024-7857 Media Library Folders <= 8.2.2 - Authenticated (Subscriber+) Second-Order SQL Injection — Media Library FoldersCWE-89 6.5 Medium2024-08-29
CVE-2024-6499 WordPress Button Plugin MaxButtons <= 9.7.8 - Full Path Disclosure — MaxButtons – Create buttonsCWE-200 5.3 Medium2024-08-24
CVE-2024-5970 MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thumb Shortcode — MaxGalleriaCWE-79 6.4 Medium2024-06-18
CVE-2024-3581 MaxGalleria <= 6.4.2 - Missing Authorization — MaxGalleriaCWE-862 4.3 Medium2024-05-02
CVE-2024-3615 Media Library Folders <= 8.2.0 - Reflected Cross-Site Scripting via 's' — Media Library FoldersCWE-79 6.1 Medium2024-04-19
CVE-2023-7029 WordPress Button Plugin MaxButtons <= 9.7.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode — MaxButtons – Create buttonsCWE-79 6.4 Medium2024-02-05
CVE-2023-6594 WordPress Button Plugin MaxButtons <= 9.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting — MaxButtons – Create buttonsCWE-79 4.4 Medium2024-01-09

This page lists every published CVE security advisory associated with maxfoundry. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.