Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

burgersoftware

Source -

CNA

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2025-26740
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.37%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 21:53
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SpaBiz plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burgersoftware SpaBiz spabiz allows DOM-Based XSS.This issue affects SpaBiz: from n/a through <= 1.0.18.

Action-Not Available
Vendor-burgersoftware
Product-SpaBiz
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-26732
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 52.85%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 14:00
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress StoreBiz plugin <= 1.0.32 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burgersoftware StoreBiz storebiz allows DOM-Based XSS.This issue affects StoreBiz: from n/a through <= 1.0.32.

Action-Not Available
Vendor-burgersoftware
Product-StoreBiz
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1872
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-1.16% / 78.98%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 06:44
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Button <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Action-Not Available
Vendor-burgersoftwarewebdzier
Product-Buttonbutton
CWE ID-CWE-502
Deserialization of Untrusted Data