Simple Buttons Creator
Approved changes feed: RSS · Atom
cpe:2.3:a:wordpress_plugin:simple_buttons_creator:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wordpress Plugin (7d87103a-1bb0-5bda-9779-2cca40dbea1c) |
|---|---|
| Product | Simple Buttons Creator (e37f6c3c-f8e8-59b5-bdac-8a249a53a6ed) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-2858 |
vulnerable | 2026-06-08 06:35:27.535280 |
Simple Buttons Creator <= 1.04 - Aribtrary Button Deletion via CSRF
The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Published: 2024-04-15T05:00:06.077Z
Updated: 2024-08-01T19:25:42.166Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2857 |
vulnerable | 2026-06-08 06:35:27.533559 |
Simple Buttons Creator <= 1.04 - Unauthenticated Stored XSS
The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.
Published: 2024-04-15T05:00:05.871Z
Updated: 2024-08-09T18:43:11.239Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.