Aggregates CVE and security vulnerability intelligence across all Max Foundry-related products, including CVSS scores, EPSS percentages, and publication dates.
Historical issues mainly involve cross-site scripting, SQL injection, and related security problems, affecting software deployments and production workloads.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-25603 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). | [email protected] | 4.8 | 0.54% | 2022-03-18 | 2026-06-17 |
| CVE-2021-4222 | The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | [email protected] | 4.8 | 0.80% | 2022-02-28 | 2026-06-17 |
| CVE-2014-7181 | Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page. | [email protected] | 4.3 | 2.05% | 2014-10-16 | 2026-06-16 |