3 matches found
CVE-2024-2857
The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them...
CVE-2024-2857
The CVE refers to WordPress plugin Simple Buttons Creator (
WordPress Simple Buttons Creator Plugin <= 1.04 is vulnerable to Cross Site Scripting (XSS)
Software Simple Buttons Creator Type Plugin Vulnerable versions = 1.04 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2857 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f8f6e6e1aab1 Credits Bob Matyas...