10 matches found
CVE-2021-24792
The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template wpbtnsavetemplate function hooked to the init action, nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a...
WordPress Shiny Buttons plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. shiny Buttons plugin is a WordPress open source application plugin. the WordPress Shiny Buttons plugin in version 1.1.0...
CVE-2021-24792
The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template wpbtnsavetemplate function hooked to the init action, nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a...
CVE-2021-24792
The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template wpbtnsavetemplate function hooked to the init action, nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a...
Cross site scripting
The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template wpbtnsavetemplate function hooked to the init action, nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a...
CVE-2021-24792
The CVE-2021-24792 entry concerns the WordPress plugin Shiny Buttons (versions up to 1.1.0). The connected sources consistently describe an unauthenticated Stored Cross-Site Scripting (XSS) vulnerability resulting from missing authorization/CSRF protection when saving templates (wpbtn_save_templa...
CVE-2021-24792 Shiny Buttons <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting
The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template wpbtnsavetemplate function hooked to the init action, nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. shiny Buttons plugin is a WordPress open source application plugin. the WordPress Shiny Buttons plugin in version 1.1.0...
Shiny Buttons <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting
The plugin does not have any authorisation and CSRF in place when saving a template wpbtnsavetemplate function hooked to the init action, nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored...
WordPress Shiny Buttons plugin <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Vishal Mohan in WordPress Shiny Buttons plugin versions = 1.1.0. Solution Deactivate and delete. This plugin has been closed as of September 27, 2021 and is not available for download. This closure is temporary, pending a...