Lucene search
China National Vulnerability DatabaseCNVD-2022-21731HistoryJan 14, 2022 - 12:00 a.m.
WordPress Button Generator Plugin File Inclusion Vulnerability
2022-01-1400:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
0.02 Low
EPSS
Percentile
88.9%
WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The WordPress Button Generator Plugin has a file inclusion vulnerability prior to 2.3.3. The vulnerability stems from the fact that the plugin does not effectively filter calls to remote file resources in the wowcompany admin menu page, which can be exploited to include arbitrary files with PHP extensions to execute arbitrary code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress button generator plugin | lt | 2.3.3 |
Related
cvelist
cvelist
CVE-2021-25052 Button Generator < 2.3.3 - RFI leading to RCE via CSRF
2022-01-10 15:30:36
wpvulndb
wpvulndb
Button Generator < 2.3.3 - RFI leading to RCE via CSRF
2021-12-05 00:00:00
wpexploit
wpexploit
Button Generator < 2.3.3 - RFI leading to RCE via CSRF
2021-12-05 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-01-10 16:15:00
patchstack
patchstack
cve
cve
CVE-2021-25052
2022-01-10 16:15:09
nuclei
nuclei
WordPress Button Generator <2.3.3 - Remote File Inclusion
2022-02-08 01:07:19
nvd
nvd
CVE-2021-25052
2022-01-10 16:15:09