CVE-2021-24792

Name of the Vulnerable Software and Affected Versions: Shiny Buttons WordPress plugin versions 1.1.0 and earlier

Description: The issue concerns the lack of authorization and CSRF protection when saving a template, specifically through the wpbtn save template function hooked to the init action. Additionally, the plugin fails to sanitize and escape template data before outputting it in the admin dashboard. This allows unauthenticated users to add malicious templates, leading to Stored Cross-Site Scripting issues.

Recommendations: For Shiny Buttons WordPress plugin versions 1.1.0 and earlier, consider disabling the wpbtn save template function until a patch is available to prevent exploitation. Restrict access to the template saving functionality to minimize the risk of Stored Cross-Site Scripting issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.