CVE-2024-2857

Name of the Vulnerable Software and Affected Versions The Simple Buttons Creator WordPress plugin versions 1.04 and earlier

Description The issue affects the add button function of the plugin, which lacks authorization and CSRF protection, allowing unauthenticated users to call it directly or via CSRF attacks. Additionally, due to insufficient sanitization and escaping, this could enable Stored Cross-Site Scripting attacks against logged-in administrators.

Recommendations For versions 1.04 and earlier, update to a version that includes proper authorization and CSRF protection in the add button function, and ensure that user input is properly sanitized and escaped to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.