CVE-2025-22787

CVE-2025-22787 is a Missing Authorization vulnerability in the WordPress plugin Button Block by bPlugins LLC , affecting versions up to 1.1.5. Per the provided documents, the CVE is associated with access to functions not properly constrained by ACLs, with a CVSS v3.1 base score of 8.8 (High) , a...

CVE-2024-10671

CVE-2024-10671 affects the WordPress plugin Button Block (versions up to and including 1.1.4). The issue allows authenticated attackers with Contributor-level access and above to exfiltrate data from password‑protected, private, or draft posts via the btn_block shortcode due to insufficient post‑...

CVE-2025-22815

CVE-2025-22815 describes a Stored XSS in Button Block plugin for WordPress (Button Block: from n/a through 1.1.6). The issue arises from improper neutralization of input during web page generation, enabling stored cross-site scripting. Affected software: Button Block (WordPress plugin). Root caus...

CVE-2024-12560

The CVE refers to Button Block – Get fully customizable & multi-functional buttons (WordPress plugin) with a vulnerability in the btn_block_duplicate_post function affecting all versions up to 1.1.5. The issue enables Sensitive Information Exposure/escalation for authenticated attackers with Cont...