CVE-2024-2858 Simple Buttons Creator <= 1.04 - Aribtrary Button Deletion via CSRF

2024-04-1505:00:06

WPScan

www.cve.org

wordpress

csrf

arbitrary button deletion

simple buttons creator

cve-2024-2858

AI Score

6.7

Confidence

High

EPSS

Percentile

9.0%

JSON

The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Simple Buttons Creator",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.04"
      }
    ],
    "defaultStatus": "affected"
  }
]