Pular para o conteúdo
Ver todas as ameaças

CVE-2024-2857

Alvo: Não informado

Descrição

The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.

Software
Não informado
Tipo Software
Plugin
CVE
CVE-2024-2857
Tags
Nâo informado
Data de publicação
15/04/2024
Última atualização
16/04/2024
Pontuação em CVSS 3.0
---
Não medido
plugins premium WordPress