CVE-2024-2858

The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Configurations

Configuration 1 (hide)

cpe:2.3:a:robbychen:simple_buttons_creator:*:*:*:*:*:wordpress:*:*

History

08 May 2025, 20:31

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/43297210-17a6-4b51-b8ca-32ceef9fc09a/ - () https://wpscan.com/vulnerability/43297210-17a6-4b51-b8ca-32ceef9fc09a/ - Exploit, Third Party Advisory
First Time Robbychen simple Buttons Creator
Robbychen
CPE cpe:2.3:a:robbychen:simple_buttons_creator:*:*:*:*:*:wordpress:*:*
CWE CWE-352

21 Nov 2024, 09:10

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/43297210-17a6-4b51-b8ca-32ceef9fc09a/ - () https://wpscan.com/vulnerability/43297210-17a6-4b51-b8ca-32ceef9fc09a/ -

01 Aug 2024, 13:49

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8

15 Apr 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-15 05:15

Updated : 2025-05-08 20:31


NVD link : CVE-2024-2858

Mitre link : CVE-2024-2858

CVE.ORG link : CVE-2024-2858


JSON object : View

Products Affected

robbychen

  • simple_buttons_creator
CWE
CWE-352

Cross-Site Request Forgery (CSRF)