Back to search
CVE-2021-24792
Published: Dec 13, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template (wpbtn_save_template function hooked to the init action), nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored Cross-Site Scripting issues.
| Vendor | Product | Versions |
|---|---|---|
Unknown | Shiny Buttons – CSS3 Button Generator for WordPress | affected 1.1.0 - <= 1.1.0 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now