11 matches found
WordPress Sticky Buttons plugin < 3.2.4 - Button Deletion via CSRF vulnerability
Button Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Sticky Buttons versions < 3.2.4...
WordPress Wow Skype Buttons plugin < 4.0.4 - Button Deletion via CSRF vulnerability
Button Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Wow Skype Buttons versions < 4.0.4...
WordPress Button Generator plugin < 3.0 - Button Deletion via CSRF vulnerability
Button Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Button Generator – easily Button Builder versions < 3.0...
CVE-2024-3471
The Button Generator WordPress plugin before 3.0 does not have a CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack...
CVE-2024-3475 Sticky Buttons < 3.2.4 - Button Deletion via CSRF
The Sticky Buttons WordPress plugin before 3.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
WordPress Simple Buttons Creator plugin <= 1.04 - Arbitrary Button Deletion via CSRF vulnerability
Arbitrary Button Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Simple Buttons Creator versions <= 1.04...
CVE-2024-2858 Simple Buttons Creator <= 1.04 - Arbitrary Button Deletion via CSRF
The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Sticky Buttons < 3.2.4 - Button Deletion via CSRF
Description: The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks. Make a logged in admin open an HTML file where ID is a valid ID: action...
Sticky Buttons < 3.2.4 - Button Deletion via CSRF
Description: The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks. PoC: Make a logged in admin open an HTML file where ID is a valid ID: action...
Simple Buttons Creator <= 1.04 - Arbitrary Button Deletion via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Make a logged in admin open a page with the code below where is an existing button:...
CVE-2021-24572
The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could...