12 matches found
CVE-2024-2857
The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them...
CVE-2024-2858
The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WordPress Simple Buttons Creator plugin <= 1.04 - Arbitrary Button Deletion via CSRF vulnerability
Arbitrary Button Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Simple Buttons Creator versions <= 1.04...
CVE-2024-2858
The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-2857
The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them...
CVE-2024-2857
The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them...
CVE-2024-2858 Simple Buttons Creator <= 1.04 - Arbitrary Button Deletion via CSRF
The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WordPress Simple Buttons Creator Plugin <= 1.04 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Simple Buttons Creator; Type: Plugin; Vulnerable versions: <= 1.04; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-2858; Patch priority: Low; CVSS severity: Low (5.4); PSID: bfe6a65231af; Credits: Bob Matyas...
WordPress Plugin Simple Buttons Creator Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Simple Buttons Creator Plugin <= 1.04 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Buttons Creator; Type: Plugin; Vulnerable versions: <= 1.04; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2857; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: f8f6e6e1aab1; Credits: Bob Matyas...
PT-2024-22483 · WordPress · The Simple Buttons Creator
Name of the Vulnerable Software and Affected Versions: Simple Buttons Creator WordPress plugin versions 1.04 and earlier Description: The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...
Simple Buttons Creator <= 1.04 - Arbitrary Button Deletion via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Make a logged in admin open a page with the code below where is an existing button:...