3 matches found
CVE-2021-24792
The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template wpbtnsavetemplate function hooked to the init action, nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a...
CVE-2021-24792
creationtimestamp| type| source ---|---|--- 2021-12-13 14:24:06+00:00| seen| https://t.me/cibsecurity/33810...
CVE-2021-24792
The CVE-2021-24792 entry concerns the WordPress plugin Shiny Buttons (versions up to 1.1.0). The connected sources consistently describe an unauthenticated Stored Cross-Site Scripting (XSS) vulnerability resulting from missing authorization/CSRF protection when saving templates (wpbtn_save_templa...