CVE-2024-2857

🗓️ 15 Apr 2024 05:00:05Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 82 Views🌐 WEB

CVE-2024-2857 reserved for new security problem

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress Plugin Simple Buttons Creator 安全漏洞	15 Apr 202400:00	–	cnnvd
Cvelist	CVE-2024-2857 Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS	15 Apr 202405:00	–	cvelist
NVD	CVE-2024-2857	15 Apr 202405:15	–	nvd
OSV	CVE-2024-2857	15 Apr 202405:15	–	osv
Patchstack	WordPress Simple Buttons Creator plugin <= 1.04 - Unauthenticated Stored XSS vulnerability	15 Apr 202413:16	–	patchstack
Patchstack	WordPress Simple Buttons Creator Plugin <= 1.04 is vulnerable to Cross Site Scripting (XSS)	15 Apr 202400:00	–	patchstack
Positive Technologies	PT-2024-22472 · WordPress · The Simple Buttons Creator	14 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-2857	7 Jan 202609:19	–	redhatcve
Vulnrichment	CVE-2024-2857 Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS	15 Apr 202405:00	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)	4 Apr 202417:35	–	wordfence

NVD

Vulners

Vulnrichment

Node

robbychen simple_buttons_creatorRange≤1.04wordpress

[
  {
    "vendor": "Unknown",
    "product": "Simple Buttons Creator",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.04"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/b7a35c5b-474a-444a-85ee-c50782c7a6c2/

Parameter	Position	Path	Description	CWE
button_id	request body	/wp-content/plugins/simple-buttons-creator/bt-manage.php?page=sbc-new&method=post	Unauthenticated CSRF and input sanitisation allow creation of malicious buttons and stored XSS via bt_css field.	CWE-352
bt_name	request body	/wp-content/plugins/simple-buttons-creator/bt-manage.php?page=sbc-new&method=post	Unauthenticated CSRF and input sanitisation allow creation of malicious buttons and stored XSS via bt_css field.	CWE-352
bt_text	request body	/wp-content/plugins/simple-buttons-creator/bt-manage.php?page=sbc-new&method=post	Unauthenticated CSRF and input sanitisation allow creation of malicious buttons and stored XSS via bt_css field.	CWE-352
bt_link	request body	/wp-content/plugins/simple-buttons-creator/bt-manage.php?page=sbc-new&method=post	Unauthenticated CSRF and input sanitisation allow creation of malicious buttons and stored XSS via bt_css field.	CWE-352
bt_bg_color	request body	/wp-content/plugins/simple-buttons-creator/bt-manage.php?page=sbc-new&method=post	Unauthenticated CSRF and input sanitisation allow creation of malicious buttons and stored XSS via bt_css field.	CWE-352
bt_txt_color	request body	/wp-content/plugins/simple-buttons-creator/bt-manage.php?page=sbc-new&method=post	Unauthenticated CSRF and input sanitisation allow creation of malicious buttons and stored XSS via bt_css field.	CWE-352
bt_font_size	request body	/wp-content/plugins/simple-buttons-creator/bt-manage.php?page=sbc-new&method=post	Unauthenticated CSRF and input sanitisation allow creation of malicious buttons and stored XSS via bt_css field.	CWE-352
bt_border_radius	request body	/wp-content/plugins/simple-buttons-creator/bt-manage.php?page=sbc-new&method=post	Unauthenticated CSRF and input sanitisation allow creation of malicious buttons and stored XSS via bt_css field.	CWE-352
bt_css	request body	/wp-content/plugins/simple-buttons-creator/bt-manage.php?page=sbc-new&method=post	Unauthenticated CSRF and input sanitisation allow creation of malicious buttons and stored XSS via bt_css field.	CWE-352

08 May 2025 20:31Current

8.2High risk

Vulners AI Score8.2

CVSS 3.16.1

EPSS0.00235

SSVC

CWE-352